By Ben Rothke, CISSP, PCI QSA
February 24, 2009
The inability to discard worthless items even though they appear to have
no value is known as compulsive hoarding syndrome. If the eccentric
Collyer brothers had a better understanding of destruction practices,
they likely would not have been killed by the very documents and
newspapers they obsessively collected.
While most organizations don't hoard junk and newspapers like Homer and
Langley Collyer did, they do need to keep information such as employee
personnel records, financial statements, contracts and leases and more.
Given the vast amount of paper and digital media that amasses over time,
effective information destruction policies and practices are now a
necessary part of doing business and will likely save organizations
time, effort and heartache, legal costs as well as embarrassment and
In December 2007, the Federal Trade Commission announced a $50,000
settlement with American Mortgage Company of Northbrook, Illinois, over
charges the company violated the FTC's Disposal, Safeguards, and Privacy
rules by failing to properly dispose of documents containing consumers'
credit and personally identifiable information. In announcing the
settlement, the FTC put all companies on notice that it is taking such
A $50,000 settlement might seem low when measured against the potential
for financial harm to individuals as a result of the company's
negligence, but in addition to the negative PR for American Mortgage,
the settlement includes an obligation to obtain an audit, every two
years for the next 10 years, from a qualified, independent, third-party
professional to ensure that its security program meets the standards of
the order. Any similar failures by this company during the next decade
will be met with more severe punishment. That, indeed, is a very costly
Best Selling Security Books and More!