Monday, July 6, 2009

Protect Privacy: Demand Abandoned Business Records be Destroyed

I'm going to get into the latest on the Obama Administration's Cybersecurity Act and deep concerns that aspects of the NSA's Bush era monitoring program might be included in it tomorrow.

Today, I want to get to another one of our (The Consumer Federation of California) top privacy protection priorities this year that has recently garnered some media attention. I am referring to AB 1094 (Conway) and the need to institute stricter regulations of abandoned employee records that might contain personal, private information like a social security number.

Think about it: Do you really want to find out that abandoned records from a past employer that include your private information were found in the trash or on a hard drive, and are now being sold on eBay?

Believe it or not, this bill is the first in the nation designed to prevent this rather new and unique form of privacy invasion, and even identity theft.

Currently, when a business which ceases to operate, it is free to dispose of its records with little restriction even if these records contain personal information of its employees such as social security numbers.

AB 1094 would address this problem by requiring a business to treat abandoned records containing employee information with as much care as those records of consumers. An employer would have to ensure that all personal information is made unreadable before disposal.

This bill goes even further and creates incentives for entities such as storage facilities to also dispose of records containing personal information in a manner that is designed to protect a person's privacy.

The good news is I found an article explaing why this problem should be a concern to all those that value privacy, and how this particular bill will help solve it, in today's San Francisco Chronicle. Here's a few highlights from the article:

Every year, businesses go under and disappear, leaving behind boxes of transaction records, Social Security numbers and other sensitive information that could lead to identity theft and other forms of fraud. Landlords and owners of storage companies, who tend to get stuck holding these records, have no legal way to dispose of them and are paying thousands of dollars to store them. And the recession has only made the situation worse.


California is particularly hard hit by this problem because of the number of mortgage companies, title companies and brokerages that have disappeared. According to a survey done by Prism International, a trade group for information management, storage companies in California last year had to deal with an average of 29,110 cubic feet of abandoned records. Storing the records cost over $94,000, and shredding them cost $72,775.


Under the bill, holders of unwanted records could not be sued if records, including electronic records, were properly destroyed - if paper records were shredded, for example, or hard drives were wiped so the information is unreadable. Publicly available information is exempt, which means envelopes with names and addresses on them could simply be thrown away... next step is to convene experts to help her develop guidelines on how owners of abandoned records might be contacted and how records should be destroyed.

The good news is there has been next to no opposition to this legislation, and it appears guaranteed of passage. I think the more noteworthy aspect to this story, and this bill (hence why I am posting about it today), is that its the first of its kind to deal with a privacy threat that is relatively new - and which most Americans are largely unaware. Most importantly, as is often the case with California and our innovative approaches to public policy, other states will follow our example...something surely to be true in the case of AB 1094.

Click here to read the rest of the article.

No comments: