Trash Talk: Businesses Must Be Vigilant About Disposal of All Company Materials

7/24/2013

How does your company dispose of hazardous materials? Most companies know that they must be extremely careful when disposing of waste, such as oil, paint, or chemicals. Federal and state environmental laws mandate strict adherence by all companies, large or small, and the price for non-compliance is high. But how about procedures for the disposal of information? Environmental waste is not the only trash that companies need to carefully monitor. In the current state of rapidly increasing federal and state data privacy and security laws, companies must also carefully control the disposal of all information or risk significant penalties.

Wal-Mart Stores recently pleaded guilty to improperly dumping hazardous waste in California and Missouri and agreed to pay $82 million in fines for violating the Clean Water Act and the Federal Insecticide, Fungicide and Rodenticide Act. Authorities discovered that, starting in 2003, Wal-Mart employees threw hazardous products, including bleach and fertilizer, in the trash and sewer systems instead of properly disposing of the products. In 2006, in response to investigations, Wal-Mart instituted a program instructing employees on how to properly handle waste. The new compliance program, though, came too late to avoid penalty.

Similar stories continue to fill the news. In addition, stories of improper release and disposal of information are on the rise. Companies have been aware of HIPAA for many years; however, federal laws now also cover the release of sensitive data outside of the medical realm. Further, almost every state has some form of data privacy laws in place. In January of this year, owners of a medical billing practice and pathology groups in Massachusetts agreed to pay $140,000 to settle claims for the disclosure of sensitive information contained in documents improperly disposed of at a public dump in 2010. As an example of the intersection between federal and state laws, the companies were held accountable under both HIPAA and state data security regulations.

These types of violations will only be on the rise as more and more company information is stored on movable technology, including laptops, PDAs, and flash drives, which can be improperly disposed of through intentional acts or unintentional loss or theft. Companies need to assess their procedures for protection of sensitive material in order to avoid a costly mistake. The Ponemon Institute's "2013 Cost of Data Breach Study: Global Analysis" estimated that on average the cost to an organization for a data breach is $188 per compromised record. These penalties can add up fast. In addition to insurance, solid policies and vigilant training are needed to help protect companies' reputations and assets.

Governo Law Firm carefully monitors the latest developments in environmental and data privacy laws as we counsel our clients to protect them from avoidable harm. Please contact David Governo (dgoverno@governo.com) or Melissa Tarab (mtarab@governo.com) if you would like more information on these topics and how best to protect your company.


<back