Hello world

A Treasure Trove of Data on Old Devices

Consider for a moment all of the information stored on that old laptop computer that was retired and is now sitting on a shelf somewhere in the office. It is widely believed that over half of critical corporate data resides on unprotected PC desktops and laptops (Source: Computer Troubleshooters, 2012).

That may be an obvious risk. But what about the information that is stored on your office copier or fax machine? Did you know that today’s “document management systems” have hard drives, just like that laptop, and that those drives store the documents that you just copied or scanned?

Unfortunately, nobody explained that to Affinity Health Plan, Inc., a managed care plan, which discovered this the hard way. In August 2013, they announced a £1.2 million settlement with the US Department of Health & Human Services for an alleged violation of the Health Insurance Portability and Accountability Act (HIPAA). They had apparently failed to dispose of data contained on a hard drive within a copier.

That same copier and its hard drive were later resold to a third party, who discovered that it held the personal health information of more than 344,000 individuals. Simple oversights like this can quickly add up to significant financial losses. Today’s penalties for data protection violations can range from £100 to £50,000 per violation. Similar penalties apply for violations of the Gramm-Leach-Bliley Act of 1999 (GLBA).
