On August 28, Missouri’s new data protection law went into effect. Fat lot of good it did for past clients of Nationwide Credit Counseling. When their financial records, replete with personal information, were found in bankers boxes in a dumpster , were they notified of the breach? No. And was any action taken against the company for just dumping their data? No.
OzarksFirst.com, which broke the original story, now reports:
Police are dropping the case against a suspect who threw away sensitive documents in a dumpster in Battlefield….. Dave Vallely, Battlefield police chief, says the company that owns the dumpster does not want to prosecute.
Investigators found a suspect, but now they will close the case. Vallely says he does not believe any crime other than illegal dumping was committed.
Missouri’s data protection law does not cover paper records or paper breaches. So Nationwide may have exposed numerous people to identity theft or fraud and get off scott free.
Nor does H.R. 2221, the Data Accountability and Trust Act, include required notification of breaches involving paper records.
If consumers are to have trust, we need to trust that our personal information will be protected, regardless of whether it is in paper format or electronic. As the ITRC’s press releases this year indicate, paper breaches now account for 27% of all breaches included in their annual statistics. Any proposed federal legislation that does not include both protection of paper records and disclosure of paper breaches is incomplete and should be amended.