There’s a follow-up to a breach I had noted on this blog in 2014.
Release Date: Mar 15, 2016
TOPEKA – (March 15, 2016) – A business that dumped more than 900 files containing unredacted personal information of its customers and others will pay a hefty fine to settle claims that it violated Kansas consumer privacy laws, Attorney General Derek Schmidt said today.
In late March 2014, business files were discovered in an unsecured dumpster outside Central Regional Dental Testing Service, Inc., located at 1725 S.W. Gage Blvd. in Topeka. The files contained personal information about persons working with the business to obtain licensure as dentists or dental hygienists as well as about the patients of those persons. The files contained names, social security numbers, birthdates, addresses, medical history, x-rays and other personal information, according to a consent judgment filed in Shawnee County District Court.
After being alerted to the unsecured documents, the attorney general’s Consumer Protection Division secured them so the personal information was not exposed to potential identity thieves.
“Kansas law imposes a duty to properly dispose of customers’ personal information when business files are no longer to be retained,” Schmidt said. “Dumping sensitive records in an unsecured trash receptacle, where people’s personal information is readily exposed, does not constitute proper disposal.”
To settle the attorney general’s allegations, the company will pay a $70,000 civil penalty to the State of Kansas and also will reimburse the attorney general’s investigation costs. It also will pay the cost of properly destroying the records under supervision of the attorney general’s office. The consent judgment requiring this outcome was approved yesterday in Shawnee County District Court by Judge Rebecca Crotty.
Schmidt noted this is the second “document-dump” case involving improper disposal of paper records his office has prosecuted in recent years. In 2011, LS Management, Inc., in Wichita, the management corporation for Lone Star Steakhouse, settled similar allegations by paying a $200,000 fine. That case involved thousands of employee personnel files containing sensitive personal information.
“Identity theft is a serious national problem, including in Kansas,” Schmidt said. “The best way to address identity theft is to avoid it by properly securing personal identifying information before the identity thieves can get hold of it.”
A copy of the consent judgment in State ex rel Schmidt v. Central Regional Dental Testing Service, Inc., is available at: http://1.usa.gov/1RhIfJZ .
SOURCE: Kansas Attorney General’s Office
With so much focus on the protection of digital information, it’s important to remember that paper documents can be stolen with much less effort if not properly disposed of. A theft in this particular case could have affected not only those who were applying for licenses, but their patients as well. Thanks for sharing.