DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Is Florida failing to adequately protect its residents?

Posted on January 16, 2011 by Dissent

One of the recurring themes on my blogs is that we need a federal data protection statute that includes protection of paper records.  Breaches involving paper records also need to be included in any federal data breach notification statute.   Federal statutes are needed because too many states fail to address the security of paper records and fail to mandate disclosure and notification of breaches involving paper or non-electronic data records.

Florida is one of  a number of states that neither requires notification of breaches involving paper records nor secure disposal of such records.

In 2010,  I reported a number of Florida breaches involving paper records:

  • In May, hundreds of files containing personal information of AT&T cell phone customers, including credit card numbers, driver’s licenses and Social Security numbers, were found in residential recycling bin in front of a home in Jacksonville.  The records appeared to belong to the defunct  Ferrell Communication.
  • In October, an employee taking out the trash at a Southside office plaza found boxes of Jackson Hewitt employees’ W-2 forms, copies of their driver’s licenses, Social Security cards and other personal information.
  • In November, 1,000 to 2,000 voters’ petitions were dumped, unshredded,  in a dumpster in Hillsborough County.
  • In December, health insurance applications revealing Social Security Numbers and other personal  information were discarded, unshredded in Boca Raton.

Some breaches involved medical or health care information as well as personally identifiable information:

  • In January,  police turned up medical files containing information that could be used to commit identity theft in a trash bin near University Medical Clinics.
  • In July, dozens of boxes filled with personal records including Social Security Numbers turned up  in an Orlando dumpster. The files appeared to come from a defunct collection agency,  LV Financial Services, that provided collection services for medical offices.
  • In July, two people found thousands of  file folders with medical records and sensitive personal information such as Social Security Numbers and credit card numbers  at the Land O’ Lakes Recycling center.
  • In October, an auction at the Gulf Pines Hospital in Port St. Joe has former employees worried because  old files were still in the hospital, and people could have walked away with them.
  • The December incident involving unshredded health insurance applications included applicants’ medical history information.

In each of these breaches, the entity had no  obligation under state law to securely dispose of records and no obligation under state law to notify people about the breaches.

Even as I write this, sensitive health insurance applications remain in the hands of the individual who found them.

Florida – and other states who have as yet failed to enact adequate data protection and breach notification laws – should do so promptly.  I do expect that we’ll see some federal statute pass in Congress this year, but most federal proposals still don’t include paper records.

It shouldn’t matter to Congress and state legislators whether a person’s sensitive information is in electronic or paper format (or any other format, for that matter).  If you collect sensitive information, you should protect it.

Data Privacy Day is January 28. I would love to see some state legislators introduce bills to remedy this serious gap in protection and breach notification laws.

No related posts.

Category: Breach IncidentsCommentaries and Analyses

Post navigation

← FL: Healthcare Insurance Applications Found in Trash
For Data Privacy Day on Jan. 28: Access Offers Free Information Destruction Services →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.