Our website uses cookies to give you the best experience and for us to analyse our site usage. If you continue to use our site, we will take it you are OK about this. Click on More for information about the cookies on our site and what you can do to opt out.

We respect your Do Not Track preference.

Breach Case 6: Reusing and recycling Neil Sanson
29 November 2017

waste paper 447297 960 720

A recent data breach incident gave us an example of how trying to be careful in one respect can lead to unintended bad consequences in other ways.

Reusing paper that has been printed on only one side can be environmentally friendly and saves costs. But this reuse is not appropriate when dealing with personal information.

At a medical practice, a patient was handed a form to give to the doctor. On the front of the form was the patient’s information but on the back of the page was another patient’s information in the form of an invoice. When asked, staff at the medical centre felt the reuse was safe to do because they'd blanked out the patient's details on the back. But this blanking out was done poorly and when held up to the light, the other patient's information, such as their name and address, could be seen.

The reused paper was not intended to leave the clinic. However, it created a risk. The recycled paper should have been destroyed or disposed of in the first instance.

Business processes need to be considered holistically, rather than by focusing on a single aspect. When dealing with personal information, it is better not to reuse paper, even if it is environmentally the right thing to do.

We regularly get data breach notifications and this year we will be sharing the lessons learned from these more regularly. If you want to know more about data breaches, please check out our Data Safety Toolkit.

Image credit: Waste paper - Creative Commons licence

 

0 comments

, , ,

Back

Comments

No one has commented on this page yet.

Post your comment

The aim of the Office of Privacy Commissioner’s blog is to provide a space for people to interact with the content posted. We reserve the right to moderate all comments. We will not publish any content that is abusive, defamatory or is obviously commercial. We ask for your email address so that we can contact you if necessary to clarify your comment. Please be respectful of authors and others leaving comments.

Latest Blog Entries