Betting the Farm: Hoping You Don't Have a Privacy Breach

Recently, widespread and well-publicized privacy violations cost businesses in the US an estimated $6.5 billion in a single year. Most of the incidents were preventable. Have you thought about privacy and security lately? It’s worthwhile to periodically review how your document workflow protects the private information that may be flowing through your shop.

Perhaps document operations haven’t been attractive targets for identity thieves (so far). But they do have an exposure to accidental disclosure of private information. Over time, new jobs come in and documents can change. Government regulations can change too. These events can render long-standing security procedures inadequate or obsolete. Revising the procedures to meet the current needs is a simple way to avoid a privacy disaster.

In many shops, the primary line of defense against errors that result in privacy breaches is manual quality control. There are plenty of operations centers where document security relies on practices such as sight-checking the printed output, fanning through finished envelopes, and balancing inserting jobs with nothing more than a clipboard and some meter counts.

Even if all these procedures are followed, they probably aren’t adequate privacy protection today. And experience tells us that those manual quality controls are not always executed. It is an extremely rare incident when existing procedures could not have caught an error that made it into the mail. Most of the time, the mistake would have been prevented or caught by the automatic or manual methods already in place. Humans who did not follow through were the weak link.

At Risk: Your company, your department, and your job

The exposure to risk is fairly high considering the volume of mail that may be generated by your operation. A single mistake that results in a mail recipient getting access to private information belonging to another customer can spark a firestorm of knee-jerk reactions from customers or executive management.

Besides negative publicity and additional expense, there could be far-ranging repercussions from privacy breaches. If you are an outsource service provider a perceived lack of oversight could lead to the loss of business – not only from the affected client but from others as well. And for in-plants, who are always justifying their value to corporate financial people who want to outsource document operations, a preventable security problem could be indefensible. Jobs will be lost – maybe even yours.

Many shops have adopted automated solutions that take human error and inattention out of the equation. Elements of an automated document factory (ADF) can look at every printed document and every mail piece, stopping the operation and issuing alerts should something seem unusual. This technology is becoming more affordable, but not everyone has those capabilities today. Budget constraints may prevent operations managers from investing in all the technology that is necessary to detect errors wherever they might occur in the workflow. They may have integrity controls on the inserters, for example, but not on the printers or at the hand work stations. Or they may not have automated reprint capabilities, leaving them exposed to uncatchable errors in a manually-intensive process.

The workflow of data through the shop is highly vulnerable since even encrypted data has to be unencrypted to process in currently available technology. This means that the data is exposed and can be copied internally or hacked by an external source.

Recognize the risk and follow the procedures

Work with what you’ve got. If you can’t afford to invest in cameras and tracking software, set up procedures that are within your means to catch errors before the mail leaves your facility. And pay close attention to those areas where you’re the most vulnerable. See below for a list of some common trouble spots.

Schedule reviews

Reinforcing the rules, systematically examining the processes for vulnerabilities, and regular employee training are necessary to ensure that operator and supervisor procedures are taken seriously and performed as specified. Human nature causes us to take things for granted. After long periods with no errors, the QC procedures don’t seem quite so important. Attention to detail wanes. Mistakes slip through.

Re-visiting your quality control, security, and privacy rules twice a year is a good practice. Set a reminder in your calendar and commit to doing it. Or schedule an outside resource to do the audits. If the review is not taken seriously by management, the staff won’t be as vigilant as you’d like. If you can, invest in technology to protect your operation from experiencing the painful fallout from a privacy violation. A single incident could set off a sequence of negative actions that result in a difficult situation.

Privacy Violation Trouble Spots

These conditions are especially susceptible to errors – leading to accidental disclosure of private information.