Today's Washington Post has an article about a gentleman who has been receiving bank statements in the mail for the past several months. All of them contain sensitive information, none of them are his.
Because of a few wayward keystrokes by a clerk at a bank processing center, Pirozzi has for nine months received the financial statements of scores of strangers, many of whom are Washington area residents and all of whom had had Wachovia Corp. escrow accounts.
Fortunately, Mr. Pirozzi is not an identity thief.
Pirozzi tried desperately to get the problem fixed once the first batch arrived last spring, but he says that no one at the bank or at a local title company that helped establish the accounts took action on his repeated calls. It was only in the past few weeks, after Pirozzi began receiving strangers' tax forms and after inquiries from a Washington Post reporter, that both companies began to investigate.
How does this happen? Blame the way the database is set up, I suppose.
Beth Givens, director of the Privacy Rights Clearinghouse in San Diego, said ... There have been instances ... in which mail processing systems misfire and match each address with a name that's one off from the correct name. In those situations, she said, hundreds or even thousands of pieces of mail can go to the wrong address. But those kinds of mistakes are usually noticed and corrected quickly. Pirozzi's case, she said, is remarkable for how long it went undetected.
The problem here, though, is it didn't "go undetected". It was detected right away, as soon as Mr. Pirozzi started getting misdirected mail. He called it in, and...
Instead, he got bounced from person to person, number to number, automated system to automated system. Eventually, he talked to someone who claimed to have an answer. "They said it was all Walker's fault," he recounted. "I talked to Walker, and they said it was all Wachovia's fault." [I]n January, he sent an e-mail to several high-level officials at Walker Title explaining the situation and demanding that someone intervene to stop the torrent of misdirected mail. He got no response. The e-mail, Pirozzi was later told, had been blocked by a company spam filter and no one at Walker had received it.
A lot of the problem is that the company lacks a culture of treating personal information as private or sensitive.
One example: Every now and then, a fax machine will call my phone line, either at home or at work. If I'm at home, I hang up on the machine and go back to sleep. (This always seems to happen during the low single-digit hours of the morning.) At work, if curiousity gets the better of me, I'll forward the call to the fax machine. One time my boss had the incoming fax on his line, so I suggested that step to him. It turned out to be a copy of a patient's medical records in transit from one local medical center to another. It took some hunting, but we found a phone number for the center, and my boss called and let them know the fax had been misdirected. The person on the other end of the phone was not the least bit worried that a patient's medical details had been sent to the wrong person.
I'm sure there is someone at that particular medical center who takes patient privacy very seriously. Perhaps, based on this, the medical center claims that it, as an entity, takes patient privacy very seriously. But unless it filters down to the gate keepers who actually distribute and receive that information, no, that medical center does not take patient privacy seriously.
"Wachovia takes the protection of sensitive information very seriously," said Sandy Deem, a company spokeswoman. "It was an isolated incident that was very unusual. We have taken steps to prevent it from happening in the future."
And neither does an escrow company.
No comments:
Post a Comment