PRISM International Advocacy: Abandoned Records and RIM Services

February 20, 2019

Over the years, abandoned records have been among the most common and troubling causes of data security breaches. This usually happens when an organization goes out of business, leaving paper records or electronic equipment behind in an office or warehouse. Of course, other times the media is tossed in the trash or left on the shelves of a PRISM International member.

Given the fact that abandoned media plays so prominently in data security breaches, it is difficult to understand why data protection laws up until now have ignored the issue.

Part of the solution, as i-SIGMA Government Relations Chair Don Gerard, CSDS, explains, is holding individuals legally responsible for media and records abandoned by their companies.

“People get away with abandoning records and equipment because they are insulated by a corporate shell,” says Gerard. “If they suffer the consequences personally, they would be more conscientious.”

Gerard says holding individuals personally responsible for abandoned records and media will also make it easier for PRISM International members to collect payment. “If the laws change, businesses will be a lot less likely to stick the records storage company with unpaid bills and additional liability.” Gerard went on to say, “Members would be able to go after the business owners personally. In this case, increasing data security comes with an additional benefit.”

Addressing the issue of abandoned records is a core platform issue for i-SIGMA in all government relations advocacy that they are currently pursuing in their ongoing work.