Personal documents have been found in an ACORN dumpster. It is easy to tell who is at fault because they were nice enough to leave them in red ACORN bags [picture]. If you are a political organization in the cross hairs you would think they wouldn’t be so cavalier with personal information. This is only another example that if you leave shredding to low level employees with no supervision you are begging for bad press. The only options are having a manager supervise the entire process or hire a shredding service. It is hard to imaging paying two people to shred at 20 sheets per pass would be cheaper than one person with a shredder that does 35,000 pages at a time.
It has long been assumed that if businesses would notify consumers of data breaches that the consumer would know to be more vigilant about identity theft. However, a new study by Javelin Strategy and Research found that is not the case. While 19% of the people who were sent notifications suffered identity theft, only 2% attributed it to the breach.
The notifications are obviously not clearly relating their intent. It might also be the some frivolous notifications make them all meaningless. I support that thefts of data should always be notified some data breach notification laws go too far and can only end up in “crying wolf” scenario.
The FTC announced that they are postponing the FACTA Red Flag Rule compliance deadline from 11/1/09 to 5/1/10. If this sounds like a broken record it is. The rule was first to go into effect on 11/1/8 but was postponed until 5/1/9 then again until 11/1/9 and now it is postponed once again. I think we are too a point where the rule as written is never going to go into effect. It is time to write one that can.