DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Is Florida failing to adequately protect its residents?

Posted on January 16, 2011 by Dissent

One of the recurring themes on my blogs is that we need a federal data protection statute that includes protection of paper records.  Breaches involving paper records also need to be included in any federal data breach notification statute.   Federal statutes are needed because too many states fail to address the security of paper records and fail to mandate disclosure and notification of breaches involving paper or non-electronic data records.

Florida is one of  a number of states that neither requires notification of breaches involving paper records nor secure disposal of such records.

In 2010,  I reported a number of Florida breaches involving paper records:

  • In May, hundreds of files containing personal information of AT&T cell phone customers, including credit card numbers, driver’s licenses and Social Security numbers, were found in residential recycling bin in front of a home in Jacksonville.  The records appeared to belong to the defunct  Ferrell Communication.
  • In October, an employee taking out the trash at a Southside office plaza found boxes of Jackson Hewitt employees’ W-2 forms, copies of their driver’s licenses, Social Security cards and other personal information.
  • In November, 1,000 to 2,000 voters’ petitions were dumped, unshredded,  in a dumpster in Hillsborough County.
  • In December, health insurance applications revealing Social Security Numbers and other personal  information were discarded, unshredded in Boca Raton.

Some breaches involved medical or health care information as well as personally identifiable information:

  • In January,  police turned up medical files containing information that could be used to commit identity theft in a trash bin near University Medical Clinics.
  • In July, dozens of boxes filled with personal records including Social Security Numbers turned up  in an Orlando dumpster. The files appeared to come from a defunct collection agency,  LV Financial Services, that provided collection services for medical offices.
  • In July, two people found thousands of  file folders with medical records and sensitive personal information such as Social Security Numbers and credit card numbers  at the Land O’ Lakes Recycling center.
  • In October, an auction at the Gulf Pines Hospital in Port St. Joe has former employees worried because  old files were still in the hospital, and people could have walked away with them.
  • The December incident involving unshredded health insurance applications included applicants’ medical history information.

In each of these breaches, the entity had no  obligation under state law to securely dispose of records and no obligation under state law to notify people about the breaches.

Even as I write this, sensitive health insurance applications remain in the hands of the individual who found them.

Florida – and other states who have as yet failed to enact adequate data protection and breach notification laws – should do so promptly.  I do expect that we’ll see some federal statute pass in Congress this year, but most federal proposals still don’t include paper records.

It shouldn’t matter to Congress and state legislators whether a person’s sensitive information is in electronic or paper format (or any other format, for that matter).  If you collect sensitive information, you should protect it.

Data Privacy Day is January 28. I would love to see some state legislators introduce bills to remedy this serious gap in protection and breach notification laws.

Category: Breach IncidentsCommentaries and Analyses

Post navigation

← FL: Healthcare Insurance Applications Found in Trash
For Data Privacy Day on Jan. 28: Access Offers Free Information Destruction Services →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon
  • US govt login portal could be one cyberattack away from collapse, say auditors

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.