In-house operations and smaller sized print and mail service providers seem to be trying to ignore the risks associated with privacy breaches and document security. Discussing the data security of their document operation does not seem to be a hot issue for them. This is somewhat baffling because in-house and smaller shops are some of the most vulnerable organizations. Repairing the damage caused by a security incident can be devastating.
Conversely, larger service operations like Kaye-Smith are all over this issue. They recognize the negative impacts and costs associated with data management incidents where their actions could compromise the private information of document recipients. They have been taking steps to prevent privacy breaches from happening in their environments.
Smaller Volumes Do Not Equal Smaller Risks
Mailing lower volumes of documents does not necessarily result in a corresponding reduction in privacy violation risk or the severity of negative consequences. The economic impact on a small company with limited resources can be greater than the effects absorbed by a large corporation facing the same privacy breach circumstances.
Medium and smaller organizations are more vulnerable because they don’t have the funds to invest in state-of-the-art automated document factories and data protection. They may be operating with older equipment and software and they may lack the luxury of extra staff members on the payroll to perform quality assurance management. Some of the systems and processes they’ve set up over time may be based on multiple off-the-shelf products and be unconnected, making it more difficult to automatically detect problems. Manual intervention may be the rule rather than the exception.
All these factors increase the chances of unknowingly committing common errors such as inserting pages from multiple accounts into the same envelope, mismatching personalized content, or out-of-sync duplex printing.
And yet many of these in-house organizations and/or small print shops process documents such as bank and credit union statements, bills, doctor or hospital bills, explanations of benefits, insurance documents, or legal notices – documents featuring sensitive personal information. A privacy breach could create a great deal of negative publicity and require significant investments in remediation efforts. Not to mention an extensive loss of faith in their customer base due to an outdated security policy.
Some organizations are operating at higher risk just because of the type of documents they process. Certain job and workflow attributes increase an organization’s exposure to the kinds of mistakes that can result in privacy breaches. Document operations that run the types of jobs described below should be extra vigilant:
Variable-page documents – Any job that features variable page-counts requires a more comprehensive set of quality control and balancing procedures.
Duplexing – Printing one person’s information on the front and someone else’s on the back is more common than you might think.
Jam-clearing – Anytime an equipment operator re-sequences pages after a paper jam or manually inserts them into envelopes there is an opportunity to make a non-catchable mistake.
Reprints – Very few shops have fully-automated reprints. In most cases the process is highly manual, lacks tracking, and completely circumvents quality control or document integrity processes used for normal production.
Data transport – Well-meaning employees have been known to take work home with them on laptops and flash drives. There are scores of reported incidents where the devices containing unencrypted data are lost or stolen. When data leaves the control of the trusted entity, a reportable privacy breach has occurred – even if that data is never used to commit a crime.
Printing and mailing workflow errors resulting in the loss or disclosure of private information cause public embarrassment, generate re-work, trigger fines, and can cause a document services provider to lose customers. The price to be paid for an incident or two could conceivably affect a company’s ability to continue operations. At the very least privacy breaches put management into crisis mode, directing their attention away from other critical business operations.
Most in-house operations or smaller outsource providers can’t afford or don’t understand how to implement modern information management. This includes automated controls within their enterprise to reduce their risk of becoming involved in a privacy breach. Given the cost of negative consequences should an event occur it is surprising more of these companies are not educating themselves and taking action that is appropriate for their particular business.
Kaye-Smith is the leading outsource provider of data-driven document communications in the Pacific Northwest. We’re a service provider to numerous companies and organizations in the banking, credit union, insurance, healthcare, non-profit, utility, government and general business arenas.