Skip Navigation

The Other Shoe - Notifications Result from Los Angeles Data Breach

Bookmark and Share

A few issues back, NAIDDirect™ reported on the data breach in LA County. The information security breakdowns referenced in the event included unsecured storage, recycling instead of shredding, lack of understanding by management, insensitivity to privacy requirements, and exporting of intact private information to China.

NAID has been lobbying for a long time to have breaches caused by casual disposal require the same notification as breaches resulting from electronic infiltration. To date, however, NAID had not gotten much traction from that argument.

Hidden among the many gems in the video report on the LA incident is the brief mention that notification of the victims of the privacy breach was in order. The official responding to the claim dismissed that as impractical and unnecessary.

The good news is that someone, somewhere did think it was necessary and so, 94,000-plus LA County residents received notification that their personal information may have been exposed in a manner that could cause them problems.

This is the first incident that NAID knows of where unsecre disposal of personal information in hard copy form has led to such notification. The linkage of disposal to notification will dramatically increase the attention to disposal practices by businesses. It also sets a great precedent for NAID to continue to push this linkage when discussing with policy-makers.