Do you know where your paper customer records are? Better yet, does the state attorney general's office know? As both <a href="http://www.informationweek.com/showArticle.jhtml?articleID=198702184">RadioShack</a> and <a href="http://www.informationweek.com/news/showArticle.jhtml?articleID=199101637">CVS/Caremark Corp.</a> have found out this year, being in control of the former situation is <i>so</i> much better than ceding control in the latter.

Patricia Keefe, Contributor

April 19, 2007

1 Min Read

Do you know where your paper customer records are? Better yet, does the state attorney general's office know? As both RadioShack and CVS/Caremark Corp. have found out this year, being in control of the former situation is so much better than ceding control in the latter.Both companies -- most recently CVS/Caremark -- are facing potential lawsuits, costly fines, and negative publicity after Texas authorities discovered that customer records had been improperly, illegally -- and just plain incredibly -- dumped into the trash behind one of their stores. In the case of CVS, the dumped data is said to have included hundreds of active debit and credit card numbers, complete with expiration dates.

It only took the actions of one store in each chain to trigger an embarrassing mess. In each case, store employees violated company policy. You might think that today, only someone living under a rock would be unacquainted with the perils of identity theft, and that most people -- certainly your employees -- would have a grasp of at least the rudimentary ways in which identity theft can be abetted -- and avoided. Even if these workers hadn't read the company data retention and privacy policies, surely they've heard of shredders?

In any case, the lesson here for corporate America, its security czars, and IT departments is both clear and simple: People are the weakest link in your security armor, and education has never been more crucial. After all, who needs Trojans, stealth code, stolen passwords, and encryption keys when you can count on one blockhead to just hand over a mountain of data on a silver platter?

About the Author(s)

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights