Related to:
June 2 2013 11:03 PM

I was booked to speak to a group of local print service providers recently about privacy breaches and document security. Unfortunately, the attendance at the presentation was sparse, which is too bad. Those that stayed home missed some pretty important information. I am baffled sometimes about the apathy regarding this topic. Smaller shops are some of the most vulnerable organizations, but discussing the security of their document operation doesn't seem to be a hot issue with them. We don't get many inquiries about our Document Security Audit from this group either. The smaller print and mail service providers seem to be trying hard to ignore the risk.

Conversely, large service bureaus and in-house document operations are all over this issue. They recognize the negative impacts and costs associated with incidents where their actions could compromise the private information of document recipients. They are taking steps to prevent privacy breaches from happening in their environments.

Small Company Does Not Equal Small Risk
Mailing lower volumes of documents does not necessarily result in a corresponding reduction in privacy violation risk or the severity of negative consequences. The economic impact on a small company with limited resources can be greater than the effects absorbed by a large corporation facing the same privacy breach circumstances.

Smaller organizations are more vulnerable because don't have the funds to invest in state-of-the-art automated document factories. They may be operating with older equipment and software and they may lack the luxury of extra staff members on the payroll to handle quality control. Some of the systems and processes they've set up over time may be based on multiple off-the-shelf products and be unconnected, making it more difficult to automatically detect problems. Manual intervention may be the rule rather than the exception. All these factors increase the chances of unknowingly committing common errors such as inserting pages from multiple accounts into the same envelope, mis-matching personalized content, or out-of-sync duplex printing.

And yet many of these companies process documents such as credit union statements, doctor bills, or legal notices - documents featuring sensitive personal information. A privacy breach could create a great deal of negative publicity and require significant investments in remediation efforts.

Over the years I have developed a list of job and workflow attributes that increase an organization's exposure to the kinds of mistakes that can result in privacy breaches. Document operations that run the types of jobs described below should be extra vigilant. Here are just a few of the items from my list:

Variable-page documents - Any job that features variable page-counts requires a more comprehensive set of quality control and balancing procedures.

Duplexing - Printing one person's information on the front and someone else's on the back is more common than you might think.

Jam-clearing - Anytime an equipment operator re-sequences pages after a paper jam or manually inserts them into envelopes there is an opportunity to make a non-catchable mistake.

Reprints - Very few shops have fully-automated reprints. In most cases the process is highly manual, lacks tracking, and completely circumvents quality control or document integrity processes used for normal production.

Data transport - Well-meaning employees have been known to take work home with them on laptops and flash drives. There are scores of reported incidents where the devices containing unencrypted data are lost or stolen. When data leaves the control of the trusted entity, a reportable privacy breach has occurred - even if that data is never used to commit a crime.

Printing and mailing workflow errors that result in the loss or disclosure of private information cause public embarrassment, generate re-work, trigger fines, and can cause a document services provider to lose customers. The price to be paid for an incident or two could conceivably affect a small company's ability to continue operations. At the very least privacy breaches put management into crisis mode, directing their attention away from other critical business operations.

If a small organization can't afford to implement modern automated controls there are still actions they can take to reduce their risk of becoming involved in a privacy breach. Given the cost of negative consequences should an event occur I'm surprised that more of these companies are not educating themselves and taking action that is appropriate for their particular business.

Mike Porter is President of Print/Mail Consultants, an independent consulting firm that helps companies nationwide be more productive, adapt to changing requirements, and lower costs in their document operations. For more ideas about how to make mail work for you, connect with Mike directly at Or visit and sign up for Practical Stuff - the free newsletter dedicated to document operations professionals.