

Paper-based data breaches on the rise - ax0n
http://voices.washingtonpost.com/securityfix/2009/12/paper_data_breaches.html

======
presidentender
I recall a children's book in the "boy detective" genre, in which the villain
was stealing the used typewriter ribbons from the dumpster of some businesses
and reading the information on them.

The "it must be some computer whiz breaking our database!" plot was a major
red herring, but the characters believed it, because computer security was
under closer scrutiny. This seems to be the same sort of problem: digital data
is insecure and people will try to steal it, but paper isn't.

------
pasbesoin
Having spent considerable time in quite a few positions/organizations, often
around sensitive materials, this surprises me not at all. In many
circumstances, if an employee points out the problem, they are ignored or
criticized for making things "more difficult".

People don't care. Once the records have no value to them, they want to be rid
of them as expediently as possible. And/or they haven't been taught to even
consider the matter. It's only when people are actively incentivised to handle
things differently (good management and operations education and practice, or
punitive incentives against negligent behavior), that they go to the trouble
of ensuring proper disposal.

Again, my personal experience has been: People are busy and/or don't care.
They want the stuff gone with minimum fuss so that they can get back to what
matters for them. "Who's ever going to look in that dumpster?" There's also a
lot of cognitive "not my problem", in my observation.

I mention this because if you are a stickler for handling important things
correctly, such as security, learning the above is an important first step.
Both in maintaining a healthy distrust of casual reassurances, and in being
prepared to maintain your calm and blood pressure when you run across the
results.

