Of the more than 80 businesses surveyed, bank branches, lawyers and doctors’ offices had confidential information in their trash bins.
The investigation was commissioned by the National Association for Information Destruction-ANZ (NAID-ANZ), in January and February 2013.
A licensed private investigator casually examined the contents of publicly accessible trash bins used by businesses with an established responsibility to protect client data.
A NAID-ANZ spokesperson said the study was designed to discover the relative percentage of confidential trash that might be available on any given day at a cross section of data-sensitive organisations.
“Some sectors did better than others,” said NAID CEO Robert Johnson. “For instance, of the nine randomly sampled trash bins serving government offices, no confidential information was found. On the other hand, bank branches fared less well with 40 percent found to be casually discarding confidential financial information.”
Included among a dozen or so of the most troubling findings, was a report listing an account holder’s information, including name, address, social security number, credit card number, account balances, and credit limits. A criminal could establish false credit or access the account holder’s funds with this information.
Another set of documents found outside a solicitor’s office included correspondence about a legal settlement for a real estate dispute, documenting the parties involved, the amount of the settlement, and bank account information for the account receiving the settlement.
Outside yet another law office were documents regarding a legal claim against an employer wherein a female employee brought charges about a specific medical condition in which she claimed resulted from a hostile workplace.
The investigator also found results of blood tests from a lab in the trash outside a doctor’s office. On the forms were patients’ names, addresses, social security numbers, and diagnostic information.
Not only does this violate doctor/patient privilege and the patients’ rights under the law, it also provides information that could be used to commit medical identity theft, one of the most insidious forms of this epidemic crime.
Chris Eastaughffe of the Private Group Pty Ltd, which was the licensed investigative firm commissioned to conduct the study, said the results are more demonstrative than scientific.
“We were instructed not to go to extreme lengths to access the trash bins,” said Eastaughffe. “We simply observed the contents as any curious passer-by might.” Eastaughffe hastened to add that no laws were broken during the study.
Among the sectors with marginal performances in the study, 25 percent of doctors’ offices were discovered to have confidential information in their trash bins as did 3 of 16 law offices.
In addition to government offices, sectors with good results included accounting firms with none of the 10 examined found to have confidential data and financial planners with none of the 16 offices examined yielding any confidential information.
Johnson admitted, while the approach mimics real world circumstances, the random sampling has to be taken into consideration.
In 2010 and 2011, Australians lost more than $1.4 billion due to personal fraud crimes. The results of the NAID-ANZ Disposal Habits Study also reflect the findings of the association’s Consumer Awareness Study released in 2012, showing both a lack of awareness and concern regarding the countries data protection laws.
Allowing unauthorized access to "personal information about an individual whose identity is apparent, or can reasonably be ascertained” is a violation of Australia’s Privacy Act of 1988 (the Act), which requires private organisations to protect sensitive information.
Under the Act, such information could include records on racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, criminal records that are also personal information, health information about individuals, or genetic information about individuals that are not otherwise health information.
The study shows recycled computers give away our most personal information
A two-month Australian study commissioned by the National Association for Information Destruction (NAID), a global, non-profit, data protection watchdog agency, has found significant amounts of personal information left on recycled computers.
For the organisations recycling their drives, this is a data breach problem. For individuals, some of their most private information is at risk.
The results are even more alarming given the new Privacy Act reforms that will be effective on 12 March 2014, requiring organisations to up the ante with respect to managing and safeguarding people’s personal information.
The study showed that 15 of 52 hard drives randomly purchased, approximately 30 percent, contained highly confidential personal information.
