2011 was dubbed "The Year of the Breach" as a result of several widespread and well-publicized privacy violations that cost businesses in the US an estimated $6.5 billion. Most of the incidents were preventable. Have you thought about privacy and security lately? It's worthwhile to periodically review how your document workflow protects the private information that may be flowing through your shop.
Perhaps document operations haven't been attractive targets for identity thieves (so far). But they do have an exposure to accidental disclosure of private information. Over time, new jobs come in and documents can change. Government regulations can change too. These events can render long-standing security procedures inadequate or obsolete. Revising the procedures to meet the current needs is a simple way to avoid a privacy disaster.
In many shops, the primary line of defense against errors that result in privacy breaches is manual quality control. I've visited lots of operations centers where document security relied on practices such as sight-checking the printed output, fanning through finished envelopes, and balancing inserting jobs with nothing more than a clipboard and some meter counts.
Even if all these procedures are followed, they probably aren't adequate privacy protection today. And in my experience, those manual quality controls are not always executed. After decades of working directly with document operations I have investigated exactly one incident when existing procedures could not have caught an error that made it into the mail. Every other time, the mistake would have been prevented or caught by the automatic or manual methods already in place. Humans who did not follow through were the weak link.
At Risk: Your Company, Your Department, and You
The exposure to risk is fairly high considering the volume of mail generated by most of our clients. A single mistake that results in a mail recipient getting access to private information belonging to another customer can spark a firestorm of knee-jerk reactions from customers or executive management.
Besides negative publicity and additional expense, there could be far-ranging repercussions from privacy breaches. If you are an outsource service provider a perceived lack of oversight could lead to the loss of business - not only from the affected client but from others as well. And for in-plants, who are always justifying their value to corporate financial people who want to outsource document operations, a preventable security problem could be indefensible. Jobs will be lost - maybe even yours.
Privacy Violation Trouble Spots
These conditions are especially susceptible to errors leading to accidental disclosure of private information.
· Variable page-count statements
· Duplex jobs
· Reformatted documents
· New document composition tools
· Manual reprint processes
· Hand insertion/packaging
· Householded documents
· Merged jobs
· Data file changes
· Personalized inserts
· Pre-printed reply envelopes - multiple versions in the shop
· Changes in envelope window size or location
· Multiple jobs/customers with identical data file formats
Many shops have adopted automated solutions that take human error and inattention out of the equation. Elements of an automated document factory (ADF) can look at every printed document and every mail piece, stopping the operation and issuing alerts should something seem unusual. But not everyone has those capabilities. Budget constraints may prevent operations managers from investing in all the technology that is necessary to detect errors wherever they might occur in the workflow. They may have integrity controls on the inserters, for example, but not on the printers or at the hand work stations. Or they may not have automated reprint capabilities, leaving them exposed to uncatchable errors in a manually-intensive process. And surprisingly, there are still plenty of shops that rely on the clipboard and batch-balancing approach to quality control.
Recognize the risk and follow the procedures
Work with what you've got. If you can't afford to invest in cameras and tracking software, set up procedures that are within your means to catch errors before the mail leaves your facility. And pay close attention to those areas where you're the most vulnerable. See the sidebar for a list of some common trouble spots.
Schedule reviews
Reinforcing the rules, systematically examining the processes for vulnerabilities, and regular employee training are necessary to ensure that operator and supervisor procedures are taken seriously and performed as specified. Human nature causes us to take things for granted. After long periods with no errors, the QC procedures don't seem quite so important. Attention to detail wanes. Mistakes slip through.
We recommend re-visiting your quality control, security, and privacy rules twice a year. Set a reminder in your calendar and commit to doing it. Or schedule an outside resource to do the audits. If the review is not taken seriously by management, the staff won't be as vigilant as you'd like. If you can, invest in technology to protect your operation from experiencing the painful fallout from a privacy violation. In 2012, a single incident could set off a sequence of negative actions that result in a hopeless situation.
Mike Porter is President of Print/Mail Consultants; a consulting firm that helps print and mail facilities assess their operations and maximize their potential. Get more thoughts about document operations and industry trends by subscribing to the free newsletter, "Practical Stuff" at www.printmailconsultants.com
Perhaps document operations haven't been attractive targets for identity thieves (so far). But they do have an exposure to accidental disclosure of private information. Over time, new jobs come in and documents can change. Government regulations can change too. These events can render long-standing security procedures inadequate or obsolete. Revising the procedures to meet the current needs is a simple way to avoid a privacy disaster.
In many shops, the primary line of defense against errors that result in privacy breaches is manual quality control. I've visited lots of operations centers where document security relied on practices such as sight-checking the printed output, fanning through finished envelopes, and balancing inserting jobs with nothing more than a clipboard and some meter counts.
Even if all these procedures are followed, they probably aren't adequate privacy protection today. And in my experience, those manual quality controls are not always executed. After decades of working directly with document operations I have investigated exactly one incident when existing procedures could not have caught an error that made it into the mail. Every other time, the mistake would have been prevented or caught by the automatic or manual methods already in place. Humans who did not follow through were the weak link.
At Risk: Your Company, Your Department, and You
The exposure to risk is fairly high considering the volume of mail generated by most of our clients. A single mistake that results in a mail recipient getting access to private information belonging to another customer can spark a firestorm of knee-jerk reactions from customers or executive management.
Besides negative publicity and additional expense, there could be far-ranging repercussions from privacy breaches. If you are an outsource service provider a perceived lack of oversight could lead to the loss of business - not only from the affected client but from others as well. And for in-plants, who are always justifying their value to corporate financial people who want to outsource document operations, a preventable security problem could be indefensible. Jobs will be lost - maybe even yours.
Privacy Violation Trouble Spots
These conditions are especially susceptible to errors leading to accidental disclosure of private information.
· Variable page-count statements
· Duplex jobs
· Reformatted documents
· New document composition tools
· Manual reprint processes
· Hand insertion/packaging
· Householded documents
· Merged jobs
· Data file changes
· Personalized inserts
· Pre-printed reply envelopes - multiple versions in the shop
· Changes in envelope window size or location
· Multiple jobs/customers with identical data file formats
Many shops have adopted automated solutions that take human error and inattention out of the equation. Elements of an automated document factory (ADF) can look at every printed document and every mail piece, stopping the operation and issuing alerts should something seem unusual. But not everyone has those capabilities. Budget constraints may prevent operations managers from investing in all the technology that is necessary to detect errors wherever they might occur in the workflow. They may have integrity controls on the inserters, for example, but not on the printers or at the hand work stations. Or they may not have automated reprint capabilities, leaving them exposed to uncatchable errors in a manually-intensive process. And surprisingly, there are still plenty of shops that rely on the clipboard and batch-balancing approach to quality control.
Recognize the risk and follow the procedures
Work with what you've got. If you can't afford to invest in cameras and tracking software, set up procedures that are within your means to catch errors before the mail leaves your facility. And pay close attention to those areas where you're the most vulnerable. See the sidebar for a list of some common trouble spots.
Schedule reviews
Reinforcing the rules, systematically examining the processes for vulnerabilities, and regular employee training are necessary to ensure that operator and supervisor procedures are taken seriously and performed as specified. Human nature causes us to take things for granted. After long periods with no errors, the QC procedures don't seem quite so important. Attention to detail wanes. Mistakes slip through.
We recommend re-visiting your quality control, security, and privacy rules twice a year. Set a reminder in your calendar and commit to doing it. Or schedule an outside resource to do the audits. If the review is not taken seriously by management, the staff won't be as vigilant as you'd like. If you can, invest in technology to protect your operation from experiencing the painful fallout from a privacy violation. In 2012, a single incident could set off a sequence of negative actions that result in a hopeless situation.
Mike Porter is President of Print/Mail Consultants; a consulting firm that helps print and mail facilities assess their operations and maximize their potential. Get more thoughts about document operations and industry trends by subscribing to the free newsletter, "Practical Stuff" at www.printmailconsultants.com