Data Dumpster Diving, Anyone?

Do you know where your paper customer records are? Better yet, does the state attorney general's office know? As both RadioShack and CVS/Caremark Corp. have found out this year, being in control of the former situation is so much better than ceding control in the latter.Both companies -- most recently CVS/Caremark -- are facing potential lawsuits, costly fines, and negative publicity after Texas authorities discovered that customer records had been improperly, illegally -- and just plain incredibly -- dumped into the trash behind one of their stores. In the case of CVS, the dumped data is said to have included hundreds of active debit and credit card numbers, complete with expiration dates.

It only took the actions of one store in each chain to trigger an embarrassing mess. In each case, store employees violated company policy. You might think that today, only someone living under a rock would be unacquainted with the perils of identity theft, and that most people -- certainly your employees -- would have a grasp of at least the rudimentary ways in which identity theft can be abetted -- and avoided. Even if these workers hadn't read the company data retention and privacy policies, surely they've heard of shredders?

In any case, the lesson here for corporate America, its security czars, and IT departments is both clear and simple: People are the weakest link in your security armor, and education has never been more crucial. After all, who needs Trojans, stealth code, stolen passwords, and encryption keys when you can count on one blockhead to just hand over a mountain of data on a silver platter?