Get documents about "The Vault
Document Sample
The Vault The Vault
January 2006 / February 2006
Identity Theft — Could it happen to you?
Inside this issue:
The answer is yes. • A 2003 CSI/FBI study
Even worse it could found employee
1
IDENTITY THEFT -
happen more easily insiders commit
approximately 80% of COULD IT HAPPEN TO
than you think. In
all computer/internet YOU?
December the Toronto A recap of Privacy
Board of Trade held an crimes.
Commissioner Dr.
event on identity theft Ann Cavoukian’s eye-
featuring Ontario’s • 58% of Canadians opening presentation
would terminate their on identity theft.
Privacy Commissioner
Dr. Ann Cavoukian. Dr. relationship with a
company that CHOOSE YOUR 2
Cavoukian cited
compromised their Destroying personally identifiable VENDOR
several alarming points
personal information. information stored on computers
CAREFULLY!
of interest: (Ottawa Business Journal, is a key component of identity
Readers may be
theft prevention.
November 22, 2005) alarmed by the use
of authentic medical
• Identity theft is the consumers are at the
records on a Toronto
fastest growing form Dr. Cavoukian mercy of their movie set. The story
of consumer fraud in explained that nearly practices. is disturbing in more
North America. 90% of the US ways than one.
population could be The news wasn’t all
• Victims usually uniquely identified bad. Dr. Cavoukian TO OUTSOURCE OR NOT 3
become aware of the through three pieces of highlighted how TO OUTSOURCE?
problem only after information (i.e. embracing privacy Security and trust are
damage has been huge issues. But,
birthday, gender, and initiatives can present
done. does handling the
postal code). These an opportunity for issue internally
crimes depend on a businesses. increase the chances
• The Commissioner’s steady, easily Organizations that of what you want to
Office holds demonstrate a avoid most?
accessible supply of
businesses information. commitment to insuring
accountable for customer privacy instill 4
DATAXILE IN
protecting their consumer confidence.
Perhaps most PHOENIX
customers’ personally
As such, they will be NAID held a
identifiable disappointing is that
well positioned to build conference in
information. individual consumers Phoenix. dataXile was
enduring customer
have little control over the only Canadian
trust and loyalty. By not Electronic Information
the problem. With all
taking precautions, Destruction Company
sorts of businesses
companies risk there.
collecting personal
devaluing their market
information about their
position.
customer base,
Destroy your information — not your company!
The Vault
Choose Your Vendor Carefully!
In an ideal world, recycling IT Although dataXile services Whether your documents are
assets or sensitive documents include recycling for paper or in electronic format,
would not pose a security technology equipment we are service providers need to
threat. Unfortunately, as a quick to point out this does not answer questions. Issues like
Toronto Health Clinic recently necessarily provide security. A collection, process, and the
learned, the world is far from similar breach could occur use of any subcontractors
ideal. In a widely publicized with any IT assets possessing must be addressed. If you do
incident, the clinic’s private storage capabilities. There are not feel comfortable with the
health records were literally numerous companies in the answers keep shopping
blowing in the wind on a market interested in around until you are confident
downtown Toronto street being recovering value from dis- in your provider.
used for a movie set. carded items. Few of them are
Despite being the first two
concerned with secure infor-
The clinic’s paper-disposal companies to face an order
mation destruction and data
provider, which offers both under PHIPA, they are lucky it
disposal.
shredding and recycling was not worse. Neither the
services, mistakenly believed As the Toronto health clinic clinic nor the paper disposal
these documents were to be and its paper disposal provider company was publicly
recycled. The company discovered, this is bad for identified. Future violators
subcontracted the paper to business in more ways than may not be as fortunate. Many
Are you sure you know another recycling company, one. Upon investigation, both organizations would find such
exactly who can access your which in turn sold it to the film organizations were deemed to a breach combined with
data? production company. have violated Ontario’s publicity devastating.
Personal Health Information
It is important to know whether Protection Act (PHIPA),
your service provider uses prompting Ontario Privacy
subcontractors. Clients need to Commissioner Dr. Ann
The clinic’s know who is touching their Cavoukian to issue the first
data, paper or otherwise. order under the new law.
private health
records were
literally To Outsource or Not to Outsource?
blowing in the Understandably, some Even if employees are As privacy legislation
wind on a organizations are reluctant to
outsource data destruction.
trustworthy, they frequently
have conflicting
becomes more rigid,
organizations need to
downtown Security and trust are huge
issues. However, handling the
responsibilities. As a result of
its tedious nature, data
understand the resources
required and the risks
Toronto street! issue internally might not
solve the problem. In fact, it
disposal is often low priority.
Negligence could haunt
involved. This is particularly
true for firms where electronic
could make it worse. Since organizations. Imagine your data disposal will be a
80% of all computer and company's information falling reoccurring issue. Many
Internet related crime is into the wrong hands. Just companies already outsource
committed by insiders one mistake could be the destruction of their
companies need to be wary of destructive. Outsourcing paper-based information. At
the threat internal staff poses. electronic data destruction dataXile we expect many of
Decision makers need to makes good business sense. these organizations to adopt a
consider who the bigger threat Doing so allows your similar policy for electronic
is: an outsider with minimal employees to concentrate on documents.
knowledge of the specific their core competencies,
industry or a disgruntled leading to time and cost
employee who knows exactly savings. Furthermore, you can
what they are looking at? assure your clients that you
are serious about
Private information is stored on
many types of technology. Is your safeguarding their data.
data at risk?
The Vault
National Association for Information Destruction Conference
In November 2005 Joseph Bozic represented dataXile at the National Association for
Information Destruction (NAID) conference in Phoenix. In its unwavering commitment to being
the industry leader, dataXile was the only Canadian electronic data destruction company to
attend the event. Although geared to the US market the conference was extremely informative
and well worth attending. Topics of discussion covered three key themes, Current Legislation
Impacting Information Destruction, Information Destruction during Litigation, Investigations and
Audits, and Everything You Need to Know About Destroying Information on Computers.
Current Legislation Impacting Information Destruction Consult dataXile for help with
a data disposal policy.
• Standard – “Any person who maintains or • Lost assets (i.e. laptops) are a bigger source
otherwise possesses consumer information of security breaches than hacking
for a business purpose must properly
dispose of such information by taking
The general consensus is that legislation will
reasonable measures to protect against the
unauthorized access to or use of the
continue to evolve and become more rigid over dataXile was
the only
time.
information in connection with its disposal”
• Standard - Applies to both paper and
electronic forms of information
Canadian
• The rule applies to both the entity owning the electronic data
information and the service provider
destruction
company to
Information Destruction during Litigation, Investigations and Audits
• Fulbright & Jaworski’s • Once a party “reasonably The presenter for this topic
attend the NAID
annual survey of anticipates litigation,” or was renowned legal authority
Alan Ross. The overlying
conference
corporate counsel names receives notice of a
e-discovery the No. 1 government investigation theme was that the history of
new litigation related- or audit, they must data disposal practices in your
burden for companies immediately implement a organization is critical. If they
with revenue exceeding “litigation hold” by are proven and established, it
$100 million annually ceasing routine will be easier to establish
document destruction credibility. If they are not, you
• Record retention policies policies risk leaving your organization
are becoming far more vulnerable to the opinion of
important • Proof of practices is the court or authority. Clearly
extremely important, as is establishing an information
• Violation of Sarbanes a consistent history destruction policy is good
Oxley could result in business practice.
fines, imprisonment or
both CDs are a potential security
risk.
Everything You Need to Know About Destroying Information on Computers
This panel discussion featured significantly. Both Singer- It has always been dataXile’s
Angie Singer-Keating and Bob Keating and Haskins made it position that people with
Haskins. Singer-Keating and clear destroying information technical expertise should
Haskins are the chief on IT assets is complete this task. It was also
executives of Reclamere far different stressed that utilizing internal
Incorporated and Gigabiters than on paper. staff can needlessly put your
Incorporated respectively. Therefore, it is company at risk.
Both firms are established important to
players in the US information complete your
destruction industry for IT due diligence
assets. Interestingly, both when selecting
echoed dataXile’s sentiment a service Backup tapes should be
that the industry will grow provider. cleaned when no longer in
use.
The Vault
dataXile is an information security company
committed to secure electronic data disposal.
Phone: 416-657-8877 We realize that shortcuts can harm your
E-mail: information@dataXile.com business. Knowing this, we treat your data
with the utmost respect. Security breaches
regarding information destruction are
Don’t Trash Your Information—Xile it! unacceptable.
For peace of mind contact dataXile.
www.dataXile.com
