Would you stuff your wheelie bin with letters from your GP, bank statements, your latest pay review notice? Surely not. Who knows where it would end up, if indeed it made it off the street.
Might it come as a surprise, then, to learn that some businesses – including health agencies in New Zealand – continue to dispose of sensitive personal information in standard recycle bins intended for non-secure, council collection? It certainly does to us.
In the last 6 months alone, we’ve been notified of three cases where a business has disposed of large amounts of personal information no longer needed in an unlocked and public bin. In two of these cases, locals discovered the information blowing loosely down the street. Thankfully, both times these locals did the right thing. They contacted us and the businesses concerned, and the matter was dealt with quickly.
Of course agencies need to get rid of information – the Privacy Act says they shouldn’t hold on to it for longer than they need to (principle 9). But, the Privacy Act also requires agencies to take reasonable steps to ensure that personal information is safe from loss, misuse and unauthorised disclosure (principle 5). This requirement applies when the information is held by the agency, but also when the information is being destroyed. So, where personal information is concerned, businesses need to take extra care to ensure that information is destroyed securely, and completely.
For those of you who find yourselves on the receiving end of someone else’s information, perhaps because it has blown onto your doorstep, remember that you have responsibilities to protect that information too. Don’t keep it or use it. Imagine it was your information. Do the right thing, and return it to the business concerned. Oh, and you can always tell us too.
[Image by Chris Slane - www.slane.co.nz]