The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.

Search this blog

Recent Posts

On Twitter

About this page and the author

The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.

For full contact information and a brief bio, please see David's profile.

Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.

David Fraser's Facebook profile

Privacy Calendar

Archives

Links

Subscribe with Bloglines

RSS Atom Feed

RSS FEED for this site

Subscribe to this Blog as a Yahoo! Group/Mailing List
Powered by groups.yahoo.com

Subscribe with Bloglines
Add to Technorati Favorites!

Blogs I Follow

Small Print

The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.

This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.

Sunday, October 09, 2005

Incident: Video outlet dumps piles of sensitive personal information on the sidewalk in New York 

A closed Blockbuster video outlet reportedly dumped piles of membership application forms on a sidewalk. The forms contained very sensitive information that would be more than enough to give an identity thief a good run at the video store's members: name, address, social security number, phone number, credit card and expiry and other information. From the New York Daily News:

It's fraud gold mine

East Side Blockbuster dumps customers' records on street

By TRACY CONNOR

DAILY NEWS STAFF WRITER

Blockbuster forms on sidewalk with credit card numbers.

A shuttered Blockbuster video store carelessly dumped hundreds of files containing customers' Social Security and credit card numbers on a busy upper East Side sidewalk.

The Daily News discovered the stacks of confidential paperwork - a gold mine for scam artists - scattered like ordinary litter on Lexington Ave. near 85th St. on Thursday.

The trash pile included recent membership applications, each revealing the customer's birth date, address, phone number, driver's license number and signature.

More alarming, each application also contained a credit card number and expiration date, and many included a Social Security number.

"That makes me really mad," Kerry Norton, 29, a city teacher told The News after learning that her personal data had been left on the street for anyone to take.

"It's horrendous. You would think you could trust a big company like that. They should have shredded them."

Rebecca Pruthi, a 32-year-old doctor, said she was "disturbed" that a major corporation would fail to take basic steps to protect customers' privacy.

"I make sure my garbage at home is shredded," she said. "People do go through garbage on the street in New York, and this could have been dangerous."

Privacy expert Eric Gertler agreed. He said in the information age anyone who disposes of records without shredding is flirting with disaster.

"In the wrong hands, the information is very valuable to identity thieves, scammers, hackers and other bad guys," said Gertler, author of "Prying Eyes" and CEO of Blackbook Media.

For instance, a thief could use the credit card and address information to order merchandise online - a scam that might go unnoticed until the victim got their next bill.

With a Social Security number, a crook could do even more damage, essentially assuming the victim's identity and applying for loans, credit cards and cell phones in their name.

"In the wrong hands, your personal information is gold," Gertler said. "There's no question that these customers were at risk."

Blockbuster's corporate headquarters said it was investigating the breach and would discipline the employee responsible.

"Our corporate policy is applications must be safely secure under lock and key and must be destroyed when no longer kept on file," spokesman Randy Hargrove said.

"Our top concern is the privacy of our customers and we believe what you are reporting to us is an isolated incident."

The manager of the Lexington Ave. branch, who declined to give his name, blamed the Sanitation Department for failing to pick up the trash Thursday.

But he couldn't explain why the applications weren't shredded and were instead left in clear garbage bags after the store shut it doors for good.

He also could not say why he didn't haul the files back inside after the bags broke open, spilling the papers on the sidewalk.

"It's appalling," said upper East Side resident Deborah Glass, 46, another Blockbuster patron. "I can't believe it."

Originally published on October 8, 2005

Labels:

Links to this post:

Create a Link

This page is powered by Blogger. Isn't yours? Creative Commons License
The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License. lawyer blogs