Sloppy desks and work practices can lead to violations of GDPR, HIPAA, even state laws

by DeeDee Kato, Senior Director


Some consulting firms say that one of the biggest problems facing companies trying to comply with privacy rules such as HIPAA and GDPR is disorganized desks. This can present a huge liability when it comes to customer information and the risk of data theft.

Even the everyday tasks of putting paperwork back into filing cabinets or drawers and locking them before you finish work can mean the difference between compliance and non-compliance. We all know how easy it is to just leave personal information lying around if you’re not careful. And once that data is lying around, snooping is all too easy—and all too common.

Examples in the healthcare and auto industries

In fact, snooping is mentioned as one of the top HIPAA violations that causes problems for the healthcare industry. Most often, snooping is done by insiders, such as office staff who shouldn’t have access to certain records and others who try to peek at records they shouldn’t be seeing. Carelessness can result in private information being left out on desks or at reception counters right in the open. If that happens, snooping is merely a matter of looking down.

When it comes to the auto industry, there are privacy violations that can get you in hot water too, according to Automotive News. They cite the all-too-frequent example of dealership salespeople taking a customer’s driver’s license and making a copy of it before a test drive. There are two potential violations here. First, taking the license out of the customer’s line of vision is a violation of the law in some states. Second, if the salesperson carelessly exposes that driver’s license information, for example by accidentally leaving a photocopy at the machine or out on their desk, that’s another violation.

In California, for example, the penalty is $11,000 per incident. “So, if you have six people’s driver’s license information sitting out, that’s $66,000,” said Rusty West, president of Market Scan Information Systems in Los Angeles.

While no solution is 100% foolproof, there are certain measures you can take to reduce the likelihood of privacy violations due to paperwork in plain view.

Train employees that sloppiness is a problem

Employees will get better at making sure they don’t leave sensitive information out in plain view on desks if they have the right training explaining why this behavior is a problem. So, it makes sense to implement a training program to get them into better habits.

Less paperwork, less problems

Better still, get the paper out of the process. Move to digitizing paper documents or creating and using them electronically only, no paper at all. Of course, we’d recommend Foxit PhantomPDF for doing so. Not only can you use it to scan and digitize paper documents, you can use it to create PDFs from the get-go, even the all-important business form. Plus, it’s highly effective for editing, signing, and collaborating with colleagues.

What’s more, it enables you to track documents throughout their lifecycle and restrict their usage only to authorized users. It even allows you to revoke access after you’ve already sent your document. (That’s ConnectedPDF, which is built into PhantomPDF.)

Another benefit of going totally digital is that you can put in measures that automatically protect sensitive data. Even a simple screensaver program can be set to nearly instantly shield data on desktops and devices from prying eyes.

All in all, simple solutions like these can go a long way to keeping sensitive data from being out in the open and stopping your organization from violating regulations like HIPAA and GDPR.

