Some breaches make me want to curse. This news report out of Sevierville, Sevier County in Tennessee makes me want to yell, “When the hell are businesses going to start getting fined for just dumping unshredded files with PII?”
… Kim Pierce runs a video store in Sevierville and was shocked at what she found when she took out the trash on Sunday. “I grabbed the file and started looking and found there was actually three different people’s identity in the stuff that was lying right there on top.”
The file contained applications and confidential credit reports from Countrywide Home Loans located in the same strip mall.
[…]
We have received a statement from countrywide.
They say they have a strict policy that requires all customer information be shredded before it is disposed.
Countrywide says they’ve begun taking the appropriate steps to ensure compliance in the future.
Okay, I believe them. Sure. It was a one-off, right. Fine ’em all anyway and get the word out that there is a zero-tolerance policy for failure to protect data adequately.