Scott & Scott | Software Compliance Counsel
Scott & Scott Scott & Scott

« Supreme Court Issues Two New Patent Decisions - Part II – KSR International Co. v. Teleflex, Inc., 127 S.Ct. 1727 (2007) | Main | Avoiding Jurisdiction Based on Internet Contacts »

Paper Records and Information Security

JP Morgan Chase recently received an unwanted reminder that information security demands attention to more than just the data residing on network hard drives and digital media. “Protestors” from the Service Employees International Union (“SEIU”) filmed themselves sifting through trash in dumpsters outside several New York City Chase Bank branch locations and apparently finding numerous, un-shredded customer financial statements in trash bags awaiting pickup. (The SEIU has been in a dispute with Chase regarding the bank’s use of non-union security employees.) The video quickly achieved notoriety after being posted on YouTube.com here.

While the video might have been more clearly damning if it had included footage of Chase employees actually dumping the bags, regardless of its weight, it serves as a valuable reminder to all businesses maintaining sensitive customer records that information security does not begin and end with electronic data. Clearly, no IS policy is complete unless it includes provisions for the proper collection, handling, storage and disposal of paper records containing private information. Chase has stated that it has reached out to the SEIU for information regarding the records appearing in the video and that it is investigating whether and/or the extent to which its employees may have violated its internal IS policies.

The consequences for failing to adequately protect against loss or theft of personal customer data are becoming increasingly severe. Expenses associated with information security breaches can and often do include the costs to notify and assist affected persons, loss of customers, litigation and consulting costs, regulatory fines, and diminution of stockholder share value. In Chase’s case, if the video footage does in fact end up being evidence of a failure on the company’s part to effectively enforce the paper record disposal policies it says it has, then it is not difficult to imagine that the number of affected customers – and Chase’s potential loss exposure – could be quite high indeed.

For more information regarding the consequences of data breaches, you can obtain a copy of a recent national survey on that subject commissioned by Scott & Scott, LLP and independently conducted by the Ponemon Institute by clicking here.

Tags:

Posted on May 17, 2007 10:22 AM |

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Search


About

This page contains a single entry from the blog posted on May 17, 2007 10:22 AM.

The previous post in this blog was Supreme Court Issues Two New Patent Decisions - Part II – KSR International Co. v. Teleflex, Inc., 127 S.Ct. 1727 (2007).

The next post in this blog is Avoiding Jurisdiction Based on Internet Contacts.

Many more can be found on the main index page or by looking through the archives.

Subscribe to this blog's feed
[What is this?]
Powered by
Movable Type 3.32