A private investigator, commissioned by the National Association for Information Destruction-ANZ (NAID-ANZ), casually looked through publicly accessible bins in the Sydney metropolitan area. The bins were used by businesses that had an established responsibility to protect client data, yet 11% of the bins contained personal confidential information.
More than 80 businesses were investigated and most bank branches and doctors’ offices had confidential information in their trash bins, readily accessible to passers-by and identity thieves. Included among a dozen or so of the most troubling findings, was a report listing an account holder’s information, including name, address, social security number, credit card number, account balances, and credit limits. A criminal could establish false credit or access the account holder’s funds with this information.
Global NAID CEO, Bob Johnson, says the issue of inadequate confidential document disposal is particularly concerning due to the fact that identity theft is on the rise.
“According to the Australian Crime Commission, identity theft is the fastest growing crime in the country. Studies have shown that these criminals often rely on low-tech, untraceable sources of personal information. Dumpster diving is a big part of their trade craft.”
Chris Eastaughffe of the Private Group Pty Ltd, which was the licensed investigative firm commissioned to conduct the study, said the results are more demonstrative than scientific.
“We were instructed not to go to extreme lengths to access the trash bins,” said Eastaughffe. “We simply observed the contents as any curious passerby might.” Eastaughffe hastened to add that no laws were broken during the study.
Other breaches found included:
A set of documents outside a solicitor’s office including correspondence about a legal settlement for a real estate dispute; documenting the parties involved, amount of the settlement, and bank account information
Documents regarding a legal claim against an employer, where a female employee brought charges about a medical condition that she claimed resulted from a hostile workplace
Blood tests with patients’ names, addresses, social security numbers and diagnostic information
In 2010 and 2011, Australians lost more than $1.4 billion due to personal fraud crimes. The results of the NAID-ANZ Disposal Habits Study also reflect the findings of the association’s Consumer Awareness Study released in 2012, showing both a lack of awareness and concern regarding the countries data protection laws.
Allowing unauthorized access to "personal information about an individual whose identity is apparent, or can reasonably be ascertained” is a violation of Australia’s Privacy Act of 1988 (the Act), which requires private organisations to protect sensitive information. Under the Act, such information could include records on racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, criminal records that are also personal information, health information about individuals, or genetic information about individuals that are not otherwise health information.