It seems contradictory – we live in a digital world, but that makes it even more necessary to secure our paper documents. The potential consequences of a data breach aren’t unfamiliar, thanks to large, well-known corporations that end up on the evening news. Some of the most recent, significant breaches include:
- YAHOO had two large breaches in the past decade; in 2013, 2 billion accounts were hacked. The following year another 500 million were hacked, including phone numbers, passwords and birthdates.
- LINKEDIN also had two large breaches recently. In 2012 165 million users had their information stolen by Russian hackers, who posted the information in a Russian hacker forum. To make matters worse, it took LinkedIn four years to discover the attack. Then in June of last year, 700 million users’ information was posted on the dark web, about 90% of its database.
- ALIBABA lost 1.1 billion customers’ data over the course of eight months in 2019.
As you can see, these recent examples are largely digital-based. There seems to be a slight bias in the news over the years with the focus on digital breaches. In reality, though, paper-based breaches are still common and cause just as much damage. Some of the more significant paper-based breaches you might not have heard about include:
- A MEDICAL CLINIC in Florida lost about 500,000 paper patient records in 2015, leading to a class-action lawsuit.
- INUVIK HOSPITAL had about 7,000 patient records stolen in 2016.
- BELL CANADA had a digital breach in 2018, but a larger breach the year before saw almost 2 million records disappear.
What Organizations Are Affected by Paper-Based Breaches?
When exploring digital data breaches, it’s easy to say every organization can fall victim to hacking and other online threats. For example, dating websites, charities, online retailers, social media platforms, utility companies, financial and credit card companies, government websites, and more have been affected. However, paper-based breaches are heavily centred around healthcare and financial industries. This is likely because the law requires them to keep paper records for a certain time frame. These records always include sensitive data such as OHIP and SIN information, address, date of birth, tax and financial history, etc.
How Do Paper-Based Breaches Happen?
There appears to be a consistent pattern with paper-based breaches. Leading to three main types of leaks:
- It was an inside job, with an employee at fault. Either the physical records are stolen, or copies are made and taken away, making it harder for the organization to discover. Inside jobs can be intentional or a costly mistake.
- Paperwork can also disappear in transit. Some organizations store older records in off-site storage facilities. Similar to the above, paperwork does get stolen, but it may also be an accidental breach. A great example is the radiology clinic in the U.S. that didn’t properly close the vehicle’s door while transporting records, so they spilled out onto the road.
- A business has digitized its files but doesn’t properly dispose of the hard copies.
Taking Preventative Measures:
- Train your employees to understand the importance of properly securing and/or destroying paper records.
- Create and follow a Document Retention Schedule (DRS) to help staff understand when to keep and when to destroy a record.
- Shred everything that is no longer useful to your organization or that is no longer required by law.
- Storing private records in a secure off-site location can help protect them from employees who may look to profit from them. Additionally, limit the number of employees who can access the files and keep their location private from the rest of the organization.
- Be sure the documents are secure during transport. The example above where the radiology clinic spilled patient records out of the moving vehicle should never happen. With portable storage devices such as the Shred Cart that First Stop Services has available, you can store six banker boxes of paperwork in the shred cart, which locks and remains secure until it’s time to shred.