UK: London's commercial trash contains lots of confidential data

Somewhat self-serving study, but the results are pretty much what I’d expect. In fact, I’m surprised that they didn’t find more:

According to a study commissioned by the National Association for Information Destruction (NAID), Phoenix, many London-area organizations engage in the casual disposal of sensitive personal information. NAID commissioned the study to determine whether organization were taking the recently escalated data protection fines of £500,000 (US$790,000) and the publicity about ID theft seriously.

In a month-long study, private investigators examined the contents of the city’s publicly accessible commercial trash containers to determine the amount of personal information present, according to NAID. The targets included a number of London-area hospitals, law offices, bank headquarters and branch offices as well as government agencies.

According to NAID board member Lloyd Williams of Nottingham, U.K.-based Shredall Ltd. (www.shredall.co.uk), “The instructions to the investigators were quite explicit. They were not to go to extraordinary lengths or breach any laws when examining the trash. We hired them to simply look in the bin to see what any passerby might find.”

Overall, 44 percent of the institutions, each with a legal burden to protect personal information, were found to be casually discarding personal information, NAID says.

According to the findings of the study:

• One private hospital was found to have discarded the medical records of 70 patients, which included their names, addresses and details of their treatment.
• At a London law firm, a 20-page document detailing the case of a young woman with mental health problems currently in foster care was found on the pavement in a trash bag. All four of the law firms whose commercial garbage was subject to investigation were found to have personal client details.
• Outside of a national drug store chain, trash was found to contain more than 20 prescription labels, including details such as patients’ names, addresses and details of the medication prescribed. Some also included doctors’ names, patients’ dates of birth and information on future requirements for medication.

[…]

NAID says it is not releasing the names of the organizations that were subject to the investigation.

Read more on Storage & Destruction Business.  I have been unable to find a report on the study either on NAID’s site or Crown Intelligence’s site, so if anyone has a link, please let me know.

About the author: Dissent

Comments are closed.