"We still do not know how our records were compromised," said Lamb, who mentioned that his own name was on the list. "We don't know if somebody was supposed to shred that information, but it ended up in a Dumpster."It really does behoove everyone to determine exactly which employees can possibly access identity data and them make sure that they, and there staff, understand how much damage they can do if they don't maintain proper data security measures.
Related:
For example, if a project involves PII, or personally identifiable information, that invariably leads us to one security procedure: encryption. But we constantly find ourselves having to justify the need for encryption. If we can standardize our encryption requirements for PII, we may be able to cut some arguments short.