A recent data breach incident gave us an example of how trying to be careful in one respect can lead to unintended bad consequences in other ways.
Reusing paper that has been printed on only one side can be environmentally friendly and saves costs. But this reuse is not appropriate when dealing with personal information.
At a medical practice, a patient was handed a form to give to the doctor. On the front of the form was the patient’s information but on the back of the page was another patient’s information in the form of an invoice. When asked, staff at the medical centre felt the reuse was safe to do because they'd blanked out the patient's details on the back. But this blanking out was done poorly and when held up to the light, the other patient's information, such as their name and address, could be seen.
The reused paper was not intended to leave the clinic. However, it created a risk. The recycled paper should have been destroyed or disposed of in the first instance.
Business processes need to be considered holistically, rather than by focusing on a single aspect. When dealing with personal information, it is better not to reuse paper, even if it is environmentally the right thing to do.
We regularly get data breach notifications and this year we will be sharing the lessons learned from these more regularly. If you want to know more about data breaches, please check out our Data Safety Toolkit.
Image credit: Waste paper - Creative Commons licence