We read about privacy breaches a lot. Stories about hackers are in the news every day now, thanks to intrusions affecting government institutions and high-profile politicians. Security violations in the mailing industry are not as newsworthy, but when they happen, the effect on those responsible for privacy infringements can be severe.
Service providers that make printing or mailing mistakes can experience negative publicity, rework, corrective actions, lawsuits, fines, penalties, or loss of business. Not only are these consequences expensive, they force management to focus on the breach and its fallout. In the meantime, other business endeavors like customer acquisition or strategic planning can suffer.
Cyber criminals could hack a mail service provider’s network and steal data, but these organizations are more prone to accidental disclosure of confidential information because of operational mishaps. Mailing operations can prevent nearly all of these breaches. Most organizations have developed controls to protect themselves and their customers.
Updated Security Procedures Catch Errors
If controls and procedures aren’t audited and tested regularly though, errors can slip through undetected. Over time, the company adds new jobs, changes software and workflows, and redesigns documents. Unless the organization updates them, long-standing security procedures and documentation can become inadequate or obsolete.
The weakest links in privacy protection are not network firewalls or intrusion detection software. It is usually a human that causes printing or inserting errors. Someone mixes pages when clearing a jam on the inserter, loads a file into the wrong directory, or neglects to perform quality control checks that can catch errors.
Unless management consistently reinforces quality assurance (QA) process compliance, employees tend to relax their efforts. After months of checking and finding no errors, employees may still initial the QA form, but they do not inspect jobs as they should.
In over three decades in the print and mail business I’ve seen plenty of mistakes. Most were caught, but some wayward documents made it into the mail. In all that time, I witnessed only one error that couldn’t have been intercepted by an existing quality control procedure. In all other mailed mistakes, the staff simply did not follow procedures that would have prevented the release of errant mail.
Data Theft Concerns
For print and mail operations, electronic data exposed to unauthorized parties is usually the result of carelessness or property crime, rather than malicious hacking. An employee has a laptop stolen out of their car, someone breaks into the facility and steals computers, or the staff mistakenly sends documents with private information to a dumpster instead of the shredder. Most of these events never lead to criminal use of the stolen data, but they are still a breach. Sometimes, the law requires organizations to notify individuals whose personal information was compromised by theft or loss.
I advise document centers to review their rules for quality control, privacy, and security at least twice a year. Make sure procedures still fit the work being performed and look for any new or modified jobs that signify added vulnerabilities. Check to be sure rules about encrypting data are being followed. If policies covering employee-owned devices, or removing data from the facility are inadequate, update them and reinforce their importance with the staff.
I don’t recommend organizations wait until a breach occurs to address privacy protection. Companies that fail to take mail piece integrity, error detection, and data security seriously are putting their companies in jeopardy. Do an internal audit or contract with an outside resource to assess the viability of existing processes before an unfortunate event threatens to upset business operations.
Mike Porter helps print/mail organizations improve operations and develop strategies for growth. Contact Mike at www.printmailconsultants.com or follow him on LinkedIn and Twitter @PMCmike to learn more.