

Macy's parade: 'Shredded police papers in confetti' - akandiah
http://www.bbc.co.uk/news/world-us-canada-20487235

======
btipling
I suspect the police department used a document disposal company, and this
company took advantage of an opportunity to supply some organization at the
parade with paper and simply ignored the security requirements of their
customers.

Given that the actual shredding job wasn't very good in the first place, the
Nassa County Police should probably start looking for a new document disposal
provider.

~~~
revelation
Surely police departments aren't allowed to hand such sensitive data to just
any external processing company?

~~~
philwelch
I don't know about police departments, but every big company I've ever worked
at outsourced their shredding. Any sensitive documents went in the shred bin,
which was periodically picked up by the shredding company. It makes no sense
to me either.

~~~
jrockway
I think the security level is different. I wouldn't use a shredding service to
dispose of old checks or my social security card, but for things that don't
matter to the real world like performance reviews or meeting notes, I think
it's fine.

Everywhere I've worked, the bin has always been "secured" with a three-pin
lock that can be picked with a paperclip. That's a good way of expressing how
seriously document destruction is taken.

~~~
Devilboy
If you have really serious security concerns, there are companies that will
shred your documents on-site and then take them away to be burned.

------
adriand
Could people who picked up pieces of confetti and stuck them together in order
to decipher their contents be charged with a crime, similarly to how people
have been prosecuted for "hacking" by retrieving information through trivial
tinkering with public URLs?

~~~
geekam
>> similarly to how people have been prosecuted for "hacking" by retrieving
information through trivial tinkering with public URLs

I had no clue that happened. Scary.

~~~
damian2000
Good example of it here: <http://risky.biz/minter> (direct object reference in
URL)

------
jevinskie
Cross cut shredders people! NSA specifies:

“Maximum Particle Dimensions: 75% of the shredded particles shall have no edge
dimension exceeding 5 millimeters in length. The remaining particles may
exhibit edge dimensions between 5 and 12.5 millimeters in length.”

Better yet, shred then take it to a recycling center where it is pulped
immediately. Or shred it then burn it if you are cold/don't care about carbon
emissions!

~~~
dpearson
It doesn't matter how it's shredded; you still shouldn't be throwing paper
that had someone's social security number on it (especially when that someone
is a detective whose whole identity has now been revealed) off of a roof on
national television.

~~~
kmfrk
They would probably be crucified, if they were subject to something like
HIPAA.

~~~
gry
I am not a lawyer.

In my experience, HIPPA does not provide any spec. It is akin to "did/do you
have reasonable precautions for X?" so every organization is different, though
many go to the extreme under HIPPA, because it providing documentation you had
documentation, or documented you provided the document ad nauseam. It has
little do do with how to mangle a document.

That said, HIPPA does have something: it persuades cynicism and paranoia. Two
words which make cautious.

------
rhplus
In large organizations that out-source their recycling/shredding there are
typically two bins: a wide mouth "Paper Recycling" bin and a small mouthed
"Secure Shredding" bin. I wouldn't be surprised if an office worker saw the
two bins and decided against feeding a huge stack of documents 20-at-a-time
into the secure bin instead dumped the whole stack into the non-secure bin.

------
Tichy
Must have seemed like a brilliant plan: where better to hide the papers than
in a confetti parade?

~~~
dmix
> where better to hide the papers than in a confetti parade?

At a recycling facility with security guards.

------
nisse72
Learned something today: Macy's has an "official confetti".

------
ChuckMcM
This is amazing. That _anyone_ in law enforcement could imagine not having an
audited document disposal process is hard to believe.

~~~
dagw
I imagine they probably do have an official and audited document disposal
process which complies with all relevant recommendations, but someone along
the line simply ignored it.

------
zalew
I remember in Brasil companies throwing out their shredded docs from the
office building, as confetti.

------
skyebook
What's most perplexing to me is how/why shreddings from a police department in
a suburban police department came to be used, considering the relative size of
the NYPD. Unless the floats and everything relating to the parade were
prepared on the island.

------
Evbn
I am surprised that there isn't some form of corn-starch-based confetti that
would dissolve in the rain, used in these parades. It would be cheaper than
paper due to corn subsidies.

~~~
DrJ
this might be a viable food source for the local rodent population.

