DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Breach reports involving paper records increase – ITRC

Posted on October 1, 2009 by Dissent

The Identity Theft Resource Center (ITRC) has released an interim report that reveals that breaches involving paper records appear to be increasing significantly compared to last year while the number of incidents involving electronic records has not showed a similar increase.

According to a press release today, paper breaches currently account for 25% of all breaches recorded in their 2009 database whereas for all of 2008, paper breaches accounted for 17.8%. In 2008, there were 116 paper breaches for the entire year, whereas as of September 30, there have already been 99 incidents recorded.

The business sector accounts for 35 of the 99 paper breaches recorded in their database, with the financial and education sectors recording the fewest paper breaches.

Because not all states require disclosure of, or notification of, paper breaches, it is impossible to estimate how prevalent paper breaches really are or whether what appears to be an increase might simply be an artifact of increased media coverage or public awareness.

Texas is one of a few states that aggressively deals with paper breaches. In August, Attorney General Greg Abbott announced a settlement with with Cornerstone Fitness over improper protection of paper records, and in 2008, he announced settlements with CVS, Radio Shack, CNG Financial Corp. and its subsidiaries, Check ‘n Go of Texas, Inc. and Southwestern & Pacific Specialty Finance, Inc. , GAB Robins, B&F Finance McAllen, L.L.C. , and filed an enforcement action against Nino Tax. Similarly, Indiana Attorney General Attorney Greg Zoeller announced a settlement with CVS and Walgreens chains over the fact that pharmacy records were found in bins behind stores. The FTC had settled its complaint against CVS over failure to secure medical and financial data the prior month.

Paper data breaches may present easier opportunities for identity thieves because the information is “ready to use” and may include signatures. A number of identify theft cases prosecuted within the past year have involved the theft of mail containing personal information that was then used for fraudulent purposes.

According to ITRC, it is critical that both state and federal governments recognize and convey the importance of regulating “best practices” protocols for paper document storage and disposal. ITRC recommends that new breach laws, and amendments to current laws, take into account paper breaches in a manner similar to statutes affecting electronic data breaches.

Related posts:

  • ITRC 2010 Breach Report
  • Break’s over: after decline in 2009, breach reports appear to rise in 2010
  • Data Breaches: A Black Hole – ITRC
  • Health Data Breaches in 2017: The Year in Review
Category: Commentaries and AnalysesOf NotePaper

Post navigation

← Probe Targets Archives’ Handling of Data on 70 Million Vets
Dutch bank DSB denies problems after TV comments →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.