Bernard Watson reports on a breach involving Staffing Solutions that they had reported last week. In this case, I think a business may get a bad rep for something that really wasn’t their fault at all. See what you think:
“We will keep your information secure.”
That is the mantra Shawn Poole has based his company’s reputation on. The CEO of Employ Bridge said keeping employees personal information secure is a top priority. But a little more than a week ago, CBS Atlanta started asking Tough Questions about one of Employ Bridge’s companies after thousands of documents containing personal information were found in a Gwinnett County recycling dumpster.
Poole said he saw a story on CBS Atlanta about the situation and he started an investigation.
“We couldn’t figure out how that could have happened, so what we did was we went and talked to each of our branch offices here in Metro Atlanta to see if they had disposed of any records over the weekend and really the last six months. The answer was no,” said Poole.
Poole said after investigating further he learned the documents were taken from a Alpharetta office without the company’s knowledge or permission.
“The lease ends in February of this year and the landlord [Tempo Real Estate Corporation] was under the impression it ended on Dec. 31 and he sent a cleaning crew in there to clean out the offices,” Poole said.
Read more on CBS Atlanta.
Its a triple edged sword here, it seems like ALL 3 parties are at fault, mainly for lack of communication to each other, and ASSuming that everything will play out just fine.
Since there is little information about the office that got cleaned out, its hard to tell if the place still looked occupied, or looked abandoned.
The owner should have doble checked the lease agreement prior to barging in and assuming that the place was emptied. The owner probably did not visit the establishment, and ordered the cleaning crew to proceed.
I am sure the 3rd party cleaning crew is at fault as well. If there is questionable materials that are found, they should have simply left them in the office and called the owner and told the owner THEY need to dispose of the potentially sensitive information vice just removing it. Once you get involved with a process that could be construed as a breach, then you have jumped in the pot of festering stew as well. The breach would have not happened if the 3rd Party cared.
If the company knows they are about to vacate the premises over the next few months, and have a reputation to uphold, then they need to be proactive. If they had material that was sensitive and was not clearly marked, they too are part of the problem. Marking material appropriately can deter people from doing something they should not, and it could hold up in court if an insider used information illegally…. it was clearly marked and the person(s) cannot deny seeing a control in place.
Maybe a clear cut work order form needs to be established. Not necessiarily a contract per se, but a list of what the 3rd party is supposed to do, and what not to do. Add in contact information along with a clause protecting the 3rd party should they run into any confidential info. This all seems like an easy fix, if the management and staff acts responsibly in all three companies.