govlink-logo-250px

A Few Words About Us

Australian GovLink is published bi-annually with a purpose to promote and review major initiatives in local, state and commonwealth government departments and to encourage the principles of progress through partnerships between the private sector and government.

A+ R A-

Throwing away people’s identity – Study shows Australian organisations have room for improvement
Rate this item
(0 votes)

In a survey of commercial rubbish bins in the Sydney metropolitan area, 11 percent contained personal confidential information readily accessible to passersby and identity thieves. Of the more than 80 businesses surveyed, bank branches, lawyers and doctors’ offices had confidential information in their trash bins.

Fortunately, no confidential material was found at any of the nine bins sampled at government offices. However, this is no cause for complacency as on a different day this could have been a very different story. Indeed, when a similar study was carried out in Madrid, Spain, every single government office was found to be throwing out confidential information.

The investigation, commissioned by the National Association for Information Destruction (NAID), took place in January and February 2013. A licensed private investigator casually examined the contents of publicly accessible rubbish bins used by businesses with an established responsibility to protect client data. The study was designed to discover the relative percentage of confidential trash that might be available on any given day at a cross section of data-sensitive organisations.

“Some sectors did better than others,” said NAID CEO Robert Johnson. “For instance, of the nine randomly sampled rubbish bins serving government offices, no confidential information was found. On the other hand, bank branches fared less well with 40 per cent found to be casually discarding confidential financial information.”

Included among a dozen or so of the most troubling findings, was a report listing an account holder’s information, including name, address, Medicare number, credit card number, account balances, and credit limits. A criminal could establish false credit or access the account holder’s funds with this information.

Another set of documents found outside a solicitor’s office included correspondence about a legal settlement for a real estate dispute, documenting the parties involved, the amount of the settlement, and bank account information for the account receiving the settlement. Outside yet another law office were documents regarding a legal claim against an employer where a female employee brought charges about a specific medical condition in which she claimed resulted from a hostile workplace. Not only does the release of this information compromise the lawyers’ professional responsibility to keep client information, it could have compromised the client’s claim and reputation.

The investigator also found results of blood tests from a lab in the trash outside a doctor’s office. On the forms were patients’ names, addresses, medicare numbers, and diagnostic information. Not only does this violate doctor/patient privilege and the patients’ rights under the law, it also provides information that could be used to commit medical identity theft, one of the most insidious forms of this epidemic crime.

Chris Eastaughffe of the Private Group Pty Ltd, which was the licensed investigative firm commissioned to conduct the study, said the results are more demonstrative than scientific.

“We were instructed not to go to extreme lengths to access the trash bins,” he said. “We simply observed the contents as any curious passerby might.” Eastaughffe hastened to add that no laws were broken during the study.

Among the sectors with marginal performances in the study, 25 percent of doctors’ offices were discovered to have confidential information in their rubbish bins as did 3 of 16 law offices. In addition to government offices, sectors with good results included accounting firms with none of the 10 examined found to have confidential data and financial planners with none of the 16 offices examined yielding any confidential information.

Johnson admitted, while the approach mimics real world circumstances, the random sampling has to be taken into consideration.

“On a different day or time of year, our results could have been markedly different,” said Johnson.

While the results of the Sydney study demonstrate the need for improvement, the overall results are actually better than similar surveys conducted in other cities. In the same study conducted for Toronto, Canada; Madrid, Spain; and London, U.K., more than 40% of commercial trash bins contained confidential information from the same cross section of organisations.

“Though the Australian survey results were better than other similar studies, it would be a mistake to consider it acceptable,” added Johnson. “According to the Australian Crime Commission, identity theft is the fastest growing crime in the country. Studies have shown that these criminals often rely on low-tech, untraceable sources of personal information. Dumpster diving is a big part of their trade craft.”

In 2010 and 2011, Australians lost more than $1.4 billion due to personal fraud crimes. The results of the NAID Disposal Habits Study also reflect the findings of the association’s Consumer Awareness Study released in 2012, showing both a lack of awareness and concern regarding Australia’s data protection laws.

Allowing unauthorised access to “personal information about an individual whose identity is apparent, or can reasonably be ascertained” is a violation of Australia’s Privacy Act of 1988 (the Act), which requires private organisations to protect sensitive information. Under the Act, such information could include records on racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, criminal records that are also personal information, health information about individuals, or genetic information about individuals that are not otherwise health information.

Also, as a result of a new law created in October 2012, the Australian Privacy Commissioner will be able to issue million-dollar fines to government agencies and companies for serious and repeated privacy breaches online. Unfortunately, at this time, there is no similar law to protect citizens from organisations that throw that same information in the trash.

You would expect most organisations looked at in the study, including government offices, to have various policies and procedures in place for dealing with confidential information. However, even if, for example, an office shredder has been provided, busy employees often do not use them because it is inconvenient and time consuming. There is rarely any training or enforcement and, because the organisation would likely never know their rubbish is being used for such sinister purposes, management fails to make it a priority.

In order to be 100% sure no confidential material is inadvertently placed in normal rubbish or recycling bins, a foolproof system is recommended where all material gets securely destroyed before being recycled.

Bob Johnson is the founder and CEO of the National Association for Information Destruction. For the past 19 years, he has been consulting with policy makers and businesses globally on data disposal, data protection legislation, employee compliance strategies and data protection policy development. He is one of the foremost authorities on information destruction in the World. The National Association for Information Destruction’s Mission is to promote the proper destruction of discarded information through education and to encourage the outsourcing of destruction needs to qualified contractors, including those that are NAID certified. (www.naidonline.org) His Twitter handle is @BobatNAID.

Last modified on Tuesday, 28 May 2013 20:43

Add comment


Security code Refresh

Banner

About Us

BGP Publishing
PO Box 159,
Newport Beach,
NSW 2106


Ph. 1800 720 585
govlink@bgp-publishing.com.au