The paper data breach

In the digital age, much emphasis is placed on protecting electronic data, but very little seems to have changed in the way of protecting data on paper. Here are a few examples:

  • Charity – I am often approached on the street by a representative of a charity wanting monthly donations by direct debit. While listening to what the charity does, large quantities of information on paper is often visible. The number of times bank details, names and addresses from earlier in the day are visible to me while engaging with charity staff, is quite incredible. We are not talking about obscure charities, but mainstream national and international names.
  • Banking – I recently entered one of my banks and was asked questions in the doorway about insurance products. The sales approach was to find out what people needed, then arrange a follow-up call to discuss the needs in more detail. This information was visible on a clipboard which included full name, address and contact telephone number. Again, this was at a high-street bank branch.
  • Car Hire – I once arrived to collect a car, only to see all the customer contracts arranged on the counter for everyone to see. The top pages included full names and addresses, price information and contact telephone numbers. These included my personal details.
  • Street Stands – most people will have at some point been approached by people asking what broadband they use, or what utilities they have, a pretext for a conversation about how their services are better value for money. So much personal information is visible to other people as a result of this activity. With so many new brands emerging and advertising in this way, it is conceivable that such stands could be set up for the purpose of gathering information which could be used for identity fraud. Conversations are often very intrusive and far exceed what is reasonable. This is truer for street stands advertising credit cards which have become very popular over the last couple of years.

More care needs to be given under these conditions. Beyond what is observable personally while out and about interacting with businesses, the following have been observed professionally within businesses over the years:

  • Printed documents left abandoned on a printer for everyone to see. This includes staff that may not be authorised to see the content and visitors; not to mention cleaning companies which often have a high staff turnover. Printers are available that require people to log on to print their documents rather than printing immediately. Unprinted documents can be periodically deleted if not collected. This saves paper as well as improving data security.
  • Documents left in meeting rooms instead of being securely recycled
  • Visitor sign-in sheets which sometimes include more details than needed
  • Unlocked filing cabinets and desk draws
  • Documents left on desks over night

It is clear that while a significant focus is on digital data protection, the number of cases is high where personal data on paper is exposed to all and sundry.