On Tuesday (19 February), the Australian and New Zealand branch of the global National Association for Information Destruction (NAID-ANZ) released the results of a survey of commercial rubbish bins in Sydney.
The survey analysed the trash of more than 100 organisations in the Sydney metropolitan area. It found that 11 per cent of companies had personal information readily available to pedestrians and identity thieves. Of the 16 law firms featured, three (19%) had confidential information that was sitting towards the top of rubbish bins.
“There is no doubt this is a major worry for the legal services sector in Australia,” said NAID CEO Bob Johnson. “This [information in the bins] was found on one random casual day, and I want to make the point that this is far more common than you would think.”
The 16 law firms targeted included firms with more than 25 lawyers, between 10 and 25 lawyers and less than 10 lawyers.
Two of the three offending firms had between 10 and 25 lawyers, with the other firm having less than 10 lawyers. Documents found in the bin at one of those firms included confidential information involving a legal claim against an employer where a female employee brought charges about a specific medical condition she claimed was the result of a hostile workplace.
In November, a study by the law firm risk management company IntApp, which included 30 of Australia’s largest firms, found that two-thirds of respondents indicated that information about clients is openly accessible to all staff within the firm.
NAID and IntApp did not disclose the names of the organisations featured in the respective surveys.
The horse has bolted
NSW Legal Services Commissioner Steve Mark also attended the release of the survey’s results and gave a presentation himself on the topic of Betrayed trust: The serious consequences of negligence.
Mark, who is also the registrar of the Australasian Register of Security Professionals, said that an underlying issue not addressed was whether society has already “given up” on privacy.
“The NAID discussion was about the destruction of information on hard copy,” said Mark. “Most of what is in the press today is about electronic information and hacking, and how do you protect that?
“If something is on Facebook, you can never destroy it.”
During his presentation, Mark also played devil’s advocate and asked about the ethics of destroying documents in the first place.
“What are the ethics about destroying documentation or information when there is a real societal need to retain it?” said Mark. “If you were a lawyer you would have to ask those questions.”
No dumpster diving
The survey painted a gloomy picture of data protection and privacy.
Johnson claimed that due to Australian laws that prohibit the taking of garbage from a bin, the survey was biased in favour of organisations, as the private investigator hired to go through commercial bins could not access the total content of the bins.
“They didn’t jump into the container, dig down in, tear open bags wildly, some of which an identity thief might do,” said Johnson. “It was about what you could casually find by opening the container and seeing what is in there.”
In North America, it is legal to take garbage away from bins, and a similar survey in Toronto found that more than 40 per cent of organisations included in the study had confidential information in commercial waste.
Studies in London and Madrid also found that more than 40 per cent of organisations had confidential client information in bins.
Other organisations featured in the Sydney survey included bank branches, hospitals, doctors offices, accountancy firms and financial planners.