Paper Shredding – Document Shredding and the Law

Houston, Paper Shredding No Comments

 

 

 

 

Under U.S. criminal law, the general rule is that ignorance of the law or a mistake of law is not a valid defense to criminal prosecution…

 

 

 

FOR IMMEDIATE RELEASE
February 20, 2009
www.texasattorneygeneral.gov

CONTACT
Press Office at
(512) 463-2050

 

Attorney General Abbott Charges Edinburg Fitness Center With Identity Theft Prevention Act Violations

 

AUSTIN – Texas Attorney General Greg Abbott has charged an Edinburg fitness center with failing to adequately store and safeguard documents that contained customers’ sensitive personal information. Under the Identity Theft Enforcement and Protection Act, businesses are legally required to implement procedures that ensure customers’ sensitive personal information – including Social Security, Driver’s License, and financial account numbers – is protected from unlawful use or disclosure.

The defendant, Edinburg-based Cornerstone Fitness, closed its McColl Road facility in October 2007. According to the state’s investigation, the defendant hired a moving company to transport equipment, furniture, and business records to its flagship facility on Cornerstone Blvd.

Some time during the next few months, a filing cabinet was discovered in the dumpster behind the defendant’s old McColl Road location. Court documents indicate that customers’ completed Personal Training Service contracts, which include sensitive personal information, were found inside the discarded filing cabinet. The state’s investigation subsequently showed that the defendants lacked records’ retention, management, and disposal policies.

Under the Identity Theft Enforcement and Protection Act, which was authored by Sen. Juan “Chuy” Hinojosa, the defendant faces civil penalties that range from $2,000 and $50,000 per violation. In addition to statutory penalties, the state’s enforcement action seeks an injunction requiring the defendant to implement a comprehensive records management policy.

Although investigators could not confirm whether any personal information was obtained or misused by identity thieves, Cornerstone Fitness customers should carefully monitor bank, credit card and similar financial statements for evidence of suspicious activity. To prevent identity theft, all Texans should obtain annual, cost-free copies of their credit reports.

Texans who wish to file a complaint may contact the Office of the Attorney General at (800) 252-8011 or do so online at www.texasattorneygeneral.gov, where they can also obtain information on identity theft detection and prevention.

FOR OTHER ITEMS ASSOCIATED WITH ATTORNEY GENERAL ANNOUNCEMENTS, ACCESS OAG NEWS RELEASES ONLINE AT WWW.TEXASATTORNEYGENERAL.GOV.

FOR IMMEDIATE RELEASE
December 11, 2008
www.texasattorneygeneral.gov

CONTACT
Press Office at
(512) 463-2050

 

Texas Attorney General Secures Agreements Protecting Texans From Identity Theft

Businesses accused of improperly disposing of records, exposing private information

 

AUSTIN – Texas Attorney General Greg Abbott filed an enforcement action against one Rio Grande Valley company and reached agreements with two others that will help protect Texans from identity theft. All three companies were charged with failing to protect and properly discard records containing customers’ sensitive personal information.

Today’s agreements require the two companies to enhance their information-security procedures and training programs. They will also pay a combined total of $145,000 in penalties and attorneys’ fees.

“Identity theft is one of the nation’s fastest growing and costly criminal enterprises,” Attorney General Abbott said. “These cases all involve companies that failed to properly dispose of materials containing their customers’ sensitive personal information. The Office of the Attorney General is committed to enforcing laws that help prevent identity theft.”

To resolve the state’s investigation, GAB Robins, which provides services to insurance carriers, agreed to pay $125,000 in penalties and attorneys’ fees, and improve its information security protocols and employee training program. Under the settlement, $100,000 will fund future identity theft investigations.

The state launched its investigation after a Corpus Christi reporter discovered company records in a dumpster that was not protected by security measures. Documents obtained by OAG investigators contained customers’ personal information, including name, driver’s license number and date of birth.

The second settlement involved B&F Finance McAllen, L.L.C., a loan company managed by Victory Management Services (“VMS”). In that case, B&F improperly disposed of customers’ personal identifying information in a publicly accessible trash receptacle behind its McAllen offices. Despite the unlawful disposal, VMS assured its customers through the company’s privacy notices that it keeps customers’ private personal information in a secure environment and that security procedures are used to protect customer data.

VMS agreed to improve its information security procedures, implement an employee training program, and pay the state $20,000 in civil penalties and attorney’s fees.

The Attorney General also is filing a separate enforcement action against a third company, Nino Tax of Brownsville. The state launched its investigation after the Brownsville Police Department turned over to the OAG five boxes of records that were next to a dumpster behind the defendant’s office. The business records contained approximately 200 customers’ personal identifying information.

Although the investigations have revealed no confirmed incidents of victims’ personal information being obtained or misused by identity thieves, customers whose records may have been contained at the affected locations should carefully monitor bank, credit card and similar financial statements for evidence of suspicious activity. Texans also should obtain free annual copies of their credit reports from www.annualcreditreport.com to guard against this growing crime.

Consumers who wish to file a complaint may contact the Office of the Attorney General at (800) 252-8011 or do so online at www.texasattorneygeneral.gov, where they also can obtain information on identity theft detection and prevention.

FOR OTHER ITEMS ASSOCIATED WITH ATTORNEY GENERAL ANNOUNCEMENTS, ACCESS OAG NEWS RELEASES ONLINE AT WWW.TEXASATTORNEYGENERAL.GOV.

 

 

 

 

 

 

 

 

 

 

 

 

FOR IMMEDIATE RELEASE
September 29, 2008
www.texasattorneygeneral.gov

CONTACT
Press Office at
(512) 463-2050

 

Attorney General Abbott Charges San Antonio Rehab Facility With Unlawfully Dumping Client Records

Treatment Associates cited for exposing medical records of more than 40 clients

 

SAN ANTONIO – Texas Attorney General Greg Abbott today charged Treatment Associates of Victoria, Inc., with violating the Texas Identity Theft Enforcement and Protection Act. According to court documents, the San Antonio-based drug testing and rehabilitation facility violated a state law that requires businesses to protect their customers’ sensitive information.

The Office of the Attorney General (OAG) launched an investigation after reports indicated that Treatment Associates had unlawfully dumped bulk client records in publicly-accessible garbage containers. According to OAG investigators, the defendant exposed 44 clients’ sensitive personal and medical information, including Social Security numbers, private medical history and substance abuse records. The files also contained private information that clients shared during counseling sessions, as well as the personal information of clients’ family members and other third parties.

“Identity theft continues to be one of the most devastating white-collar crimes in the country,” Attorney General Abbott said. “This defendant faces severe penalties for failing to protect its clients’ sensitive personal and medical information. The Office of the Attorney General will continue working to protect Texans from identity thieves.”

Treatment Associates is charged with violating provisions of the 2005 Identity Theft Enforcement and Protection Act, which governs how businesses dispose of their clients’ sensitive personal information. Under the Act, the OAG may seek civil penalties of up to $50,000 per violation. The defendant also faces civil penalties of up to $500 for each abandoned record under Chapter 35 of the Business and Commerce Code, which requires businesses to develop retention and disposal procedures for their clients’ personal information.

Attorney General Abbott also charged Treatment Associates with violating the Texas Deceptive Trade Practices Act (DTPA) and the Texas Health and Safety Code for failing to protect clients’ medical privacy. The OAG may seek penalties of up to $20,000 per violation of the DTPA and up to $25,000 per violation under the Health and Safety Code.

Attorney General investigators are working to determine if any exposed data has been used illegally. Clients who interacted with Treatment Associates should carefully monitor bank, credit card and any similar statements for evidence of theft. Customers should also consider obtaining free copies of their credit reports at www.annualcreditreport.com.

Today’s legal action is the latest in a series of efforts by Attorney General Abbott to combat identity theft in Texas, a state the FTC ranks as No. 4 per capita in the incidence of the crime. In 2007 and 2008, the OAG filed several enforcement actions against vendors that carelessly and unlawfully disposed of confidential records containing customers’ personal information. The OAG has obtained more than $2.6 million in civil penalties for future identity theft prosecutions and reached agreements with several businesses to improve their document disposal systems and protect their customers from identity theft.

Attorney General Abbott also launched a consumer-friendly Web site to help Texans prevent or minimize the damage from identity theft. The site, www.texasfightsidtheft.gov, includes helpful resources, including the Identity Theft Victim’s Kit, which offers a step-by-step priority checklist that victims can use as soon as possible to prevent further damage.

Anyone who encounters a business exposing records with personal information, such as Social Security numbers, may call the OAG’s toll-free complaint hotline at (800) 252-8011 or file a complaint online at www.texasattorneygeneral.gov.

FOR OTHER ITEMS ASSOCIATED WITH ATTORNEY GENERAL ANNOUNCEMENTS, ACCESS OAG NEWS RELEASES ONLINE AT WWW.TEXASATTORNEYGENERAL.GOV.

 

 

 

 

 

 

 

 

 

FOR IMMEDIATE RELEASE
July 16, 2008
www.texasattorneygeneral.gov

CONTACT
Press Office at
(512) 463-2050

 

Attorney General Abbott Reaches Agreements That Will Help Protect Texans From Identity Theft

Agreed judgments require Select Medical Corp., RadioShack to improve privacy safeguards

 

AUSTIN – Texas Attorney General Greg Abbott reached settlement agreements with Select Medical Corp. and RadioShack that will help protect Texans from identity theft. The settlements resolve two state enforcement actions, which charged both defendants with violating state laws governing the disposal of customer records that contain sensitive personal information.

Under the agreements, the state will receive nearly $1.5 million that will ultimately fund future identity theft investigations and prosecutions. Equally important, both defendants will strengthen their existing information security policies by implementing new employee training programs that highlight identity theft prevention and educate staff about proper document destruction protocols. Under Texas law, vendors must take specific precautions before discarding documents that include customers’ bank accounts, driver’s license and Social Security numbers.

“Recognizing that identity theft is one of the nation’s fastest growing criminal enterprises, the Texas Legislature passed laws to protect Texans from this crime,” Attorney General Abbott said. “Under today’s agreements, both defendants will implement new procedures that will better safeguard their customers’ personal information. Equally important, nearly $1.5 million in proceeds from these settlements will be used to fund future identity theft investigations and prosecutions.”

The state’s agreement with Select Physical Therapy Texas L.P. requires the health care provider to amend its existing information security procedures to ensure future compliance with identity theft prevention laws. Select Medical must implement a new training program that educates their Texas employees about newly established privacy procedures and reviews state laws governing the disposal of customer records.

Under the agreement, all Select Medical Texas employees must take the training annually for the next five years. The mandatory course will explain identity theft, its costs to individual customers and the importance of complying with the company’s newly implemented document disposal protocol. To further ensure that employees comply with the new protocol, each of Select Medical’s Texas locations must post signs detailing records storage and disposal requirements. They also must maintain certification records that show each employee’s compliance with the training requirements.

Select Medical agreed to pay the state of Texas $990,000, which includes $100,000 in attorneys’ fees. Under the Identity Theft Enforcement and Protection Act, the remaining sum will be appropriated for the investigation and prosecution of future identity theft cases.

The state opened its investigation into Select Medical after the Levelland Police Department reported that more than 4,000 documents containing customers’ sensitive information were found in garbage containers behind a Select Physical Therapy Texas Limited Partnership location in that city. The records discovered by authorities contained patients’ bank account numbers, sensitive medical evaluations, drug and alcohol testing verification results, plan of care forms, insurance verification sheets, and social and vocational therapy questionnaires.

An agreement with Fort Worth-based RadioShack similarly requires the electronics retailer to enhance its existing information security procedures and implement a new employee training program. RadioShack’s training curriculum will largely mirror the requirements outlined in the state’s agreement with Select Medical. Additionally, RadioShack agreed to conduct unannounced compliance audits at all of its Texas stores at least twice a year. RadioShack agreed to pay the state $630,000, which includes $50,000 in attorneys’ fees. Under the Identity Theft Enforcement and Protection Act, the remaining sum will be appropriated for the investigation and prosecution of future identity theft cases.

The state’s enforcement action against RadioShack began when state investigators learned that the retailer’s Portland location exposed thousands of customers’ personal identifying information by dumping sensitive records into a publicly accessible trash can. Documents recovered from the trash included a customer’s 1998 credit application and a receipt for a shredder one customer purchased to prevent identity theft. The records contained customers’ Social Security numbers, credit and debit card information, names, addresses and telephone numbers.

Although neither investigation revealed confirmed incidents of personal information being obtained or misused by identity thieves, customers whose records may have been contained at the affected locations should carefully monitor bank, credit card and similar financial statements for evidence of suspicious activity. Texans should also annually obtain free copies of their credit reports from www.annualcreditreport.com to guard against this growing crime.

Consumers who wish to file a complaint may contact the Office of the Attorney General at (800) 252-8011 or do so online at www.texasattorneygeneral.gov, where they can also obtain information on identity theft detection and prevention.

FOR OTHER ITEMS ASSOCIATED WITH ATTORNEY GENERAL ANNOUNCEMENTS, ACCESS OAG NEWS RELEASES ONLINE AT WWW.TEXASATTORNEYGENERAL.GOV.

 

 

 

FOR IMMEDIATE RELEASE
May 8, 2008
www.texasattorneygeneral.gov

CONTACT
Press Office at
(512) 463-2050

 

Attorney General Abbott Reaches Agreement to Protect Check ‘N Go Customers from Identity Theft

Agreed judgment requires Check ‘N Go to improve document disposal process

 

EL PASO – Texas Attorney General Greg Abbott today reached an agreement with CNG Financial Corp. and its subsidiaries, Check ‘n Go of Texas, Inc. and Southwestern & Pacific Specialty Finance, Inc., to protect Texas customers from identity theft. The settlement resolves the state’s May 2007 enforcement action, which charged the defendants with violating laws that govern the disposal of customer records containing sensitive personal information.

Under an agreed final judgment obtained by the Attorney General, Check ‘n Go will overhaul its information security program. The program must be fully documented in writing and contain administrative, technical and physical safeguards designed to protect the personal information of Check ‘n Go customers. Check ‘n Go also will pay $220,000 to the State of Texas, which will be appropriated for the investigation and prosecution of future identity theft cases, pursuant to the Identity Theft Enforcement and Protection Act.

“Today’s agreement ensures that Check ‘n Go stores will implement new procedures to prevent identity theft,” Attorney General Abbott said. “In 2005, the Texas Legislature enacted an important law to help curb one of the nation’s fastest growing crimes. The Office of the Attorney General will continue working to prevent identity theft by aggressively enforcing laws that protect customers’ confidential information.”

Under its agreement with the state, Check ‘n Go must implement a new training program to inform its Texas employees about the company’s enhanced information security procedures. The employee training program must provide employees with a review of Check ‘n Go’s privacy procedures as well as state laws governing the disposal of customer records. The training program also must explain how identity theft harms individual consumers and businesses and the importance of abiding by the company’s disposal program.

The Office of the Attorney General took legal action against the defendants in May 2007 after discovering that several Check ‘n Go stores exposed customers to identity theft by discarding business records in easily accessible trash cans. According to the Attorney General’s enforcement action, the records included financial records and bank statements that contained names, addresses, Social Security and driver’s license numbers, and checking account information.

Under the new procedures, the defendants must designate an employee from its corporate office to oversee compliance with privacy protection laws. Store employees must be allowed to anonymously report any failures to comply with the program to the designated corporate-based employee. For two years, the compliance representative must forward a sworn statement to the Office of the Attorney General certifying that Check ‘n Go has instituted and satisfied the required employee training.

To further assure that employees comply with the program, each Check ‘n Go store must post signs explaining proper records storage and disposal procedures. Today’s judgment also requires Check ‘n Go to conduct unannounced compliance checks at each of its stores every six months.

Although the investigation revealed no confirmed incidents of personal information being misused, Check ‘n Go customers should carefully monitor bank, credit card and any similar financial statements for evidence of suspicious activity. All consumers should also annually obtain free copies of their credit reports to guard against this growing crime.

Today’s legal action is the latest in a series of efforts by Attorney General Abbott to combat identity theft in Texas, which the FTC ranks second in the nation for reported incidents of the crime. In 2007 and 2008, the Attorney General filed several enforcement actions against vendors that carelessly and unlawfully disposed of their customers’ confidential records. The state’s enforcement actions charged the defendants, including a national health services provider, with violating a 2005 law that requires vendors to protect records that might include Social Security and bank account numbers.

Anyone who encounters a business exposing records with personal information, such as Social Security numbers, may call the Attorney General’s toll-free complaint hotline at (800) 252-8011 or file a complaint online at www.texasattorneygeneral.gov.

FOR OTHER ITEMS ASSOCIATED WITH ATTORNEY GENERAL ANNOUNCEMENTS, ACCESS OAG NEWS RELEASES ONLINE AT WWW.TEXASATTORNEYGENERAL.GOV.

 

 

 

 

 

 

 

 

 

 

FOR IMMEDIATE RELEASE
January 10, 2008
www.texasattorneygeneral.gov

CONTACT
Press Office at
(512) 463-2050

 

Texas Attorney General Takes Action Against National Health Services Provider to Protect Consumers From Identity Theft

Select Physical Therapy Texas Limited Partnership cited for exposing customers’ medical records

 

LEVELLAND – Texas Attorney General Greg Abbott took legal action today against Select Physical Therapy Texas Limited Partnership and its parent company, Select Medical Corporation, for systematically exposing their customers to identity theft risk. According to documents filed by the Attorney General, the defendants violated a 2005 law requiring them to protect any consumer records that contain sensitive information, including Social Security and bank account numbers.

Investigators with the Office of the Attorney General discovered that Select Physical Therapy Texas Limited Partnership, formerly known as HealthSouth Rehabilitation Center, exposed more than 4,000 pieces of its customers’ sensitive information, including Social Security numbers. The state’s investigation was launched after reports from the Levelland Police Department indicated that bulk customer records were dumped in garbage containers behind a local building. Select Physical Therapy Texas Limited Partnership occupied the building until closing its office in October 2007.

According to Attorney General investigators, the records also contained credit and debit card information, names, addresses, and telephone numbers. The boxes also contained copies of checks from several large corporations who contracted with Select Physical Therapy Texas Limited Partnership to conduct employee physicals and drug screenings. Investigators also discovered sensitive medical information among the records, including initial evaluation and plan of care forms, insurance verification sheets, drug and alcohol testing verification forms, and social and vocational therapy questionnaires.

“The defendants are charged with improperly – and unlawfully – disposing of sensitive personal information, including medical records,” Attorney General Abbott said. “By failing to comply with the Identity Theft Enforcement and Protection Act, the defendants not only violated the law, they exposed their customers to identity theft. We are grateful to the Levelland Police Department for vigilantly uncovering and reporting the improper disposal of these sensitive records.”

Select Physical Therapy Texas Limited Partnership and Select Medical Corporation are accused of violating provisions of the 2005 Identity Theft Enforcement and Protection Act, which requires businesses to protect and properly dispose of clients’ sensitive personal information. The Act gives the Office of the Attorney General authority to seek penalties of up to $50,000 per violation.

The Attorney General also charged Select Physical Therapy Texas Limited Partnership and Select Medical Corporation with violating Chapter 35 of the Business and Commerce Code, which requires businesses to develop retention and disposal procedures for their clients’ personal information. The law provides for civil penalties of up to $500 for each abandoned record.

Attorney General investigators are also working to determine if any exposed data has been used illegally. Consumers who interacted with the Levelland business should carefully monitor bank, credit card and any similar statements for evidence of theft. Customers should also consider obtaining free copies of their credit reports.

The case is one of several identity theft enforcement actions filed by the Office of the Attorney General. In 2007, Attorney General Abbott filed a similar action against Minnesota-based Life Time Fitness and its subsidiaries for improperly discarding customer records in easily accessible trash cans. He also filed identity theft actions against CVS Pharmacy and RadioShack for improperly dumping customer records.

Attorney General Abbott also obtained temporary injunctions against CNG Financial Corporation, which operates Check ‘n Go stores across Texas, and Texas-based EZPAWN and EZMONEY Loan Services to improve their document disposal systems and protect their customers from identity theft.

Consumers who wish to file a complaint may contact the Office of the Attorney General at (800) 252-8011 or file a complaint online at www.oag.state.tx.us. Consumers can also obtain information on how to detect and prevent identity theft.

FOR OTHER ITEMS ASSOCIATED WITH ATTORNEY GENERAL ANNOUNCEMENTS, ACCESS OAG NEWS RELEASES ONLINE AT WWW.TEXASATTORNEYGENERAL.GOV.

 

 

 

 

 

 

 

 

FOR IMMEDIATE RELEASE
August 1, 2007
www.texasattorneygeneral.gov

CONTACT
Press Office at
(512) 463-2050

 

Texas Attorney General Takes Action Against National Health Spa Chain for Exposing Customer Records

Life Time Fitness cited for unlawfully dumping identifying information of adults, children

 

DALLAS – Texas Attorney General Greg Abbott took legal action Tuesday against Minnesota-based Lifetime Fitness and its subsidiaries, LTF Club Management Company, L.L.C. and LTF Club Operations Company, Inc., for systematically exposing its customers to identity theft. According to documents filed by the Attorney General, Lifetime Fitness violated the law by repeatedly failing to protect customer records that contain sensitive personal information, including Social Security and credit card account numbers.

Investigators with the Office of the Attorney General discovered that several Life Time Fitness facilities in the Metroplex area exposed customers’ personal identifying information by discarding customer records in easily accessible trash cans behind the stores. According to investigators, the records included names, addresses, Social Security and driver’s license numbers, and credit and debit card information. Because the defendants offer child care and youth recreational facilities, the discarded documents also included names and dates of birth of several minors.

“Identity theft is one of the fastest growing crimes in the United States,” Attorney General Abbott said. “Texans expect their personal information to remain confidential. The Office of the Attorney General will take all necessary steps to protect consumers from identity thieves.”

The defendants are accused of violating the Texas Deceptive Trade Practices Act (DTPA) and the 2005 Identity Theft Enforcement and Protection Act, which requires the safeguarding and proper destruction of clients’ sensitive personal information. Under the law, the Office of the Attorney General has the authority to seek penalties of up to $25,000 per violation of the DTPA and $50,000 per violation of the Identity Theft Enforcement and Protection Act.

The Attorney General also cited the defendants with violations of Chapter 35 of the Business and Commerce Code, which requires businesses to develop retention and disposal procedures for their clients’ personal information. The law provides for civil penalties of up to $500 for each abandoned record.

Today’s legal action also cites Life Time Fitness with unrelated violations of the Health Spa Act for operating several Texas locations without being registered with the Secretary of State. Under the Act, Lifetime Fitness can face penalties of up to $1,000 per violation.

The Office of the Attorney General is investigating whether any exposed data has been used illegally. Consumers who interacted with Life Time Fitness facilities should carefully monitor bank, credit card and any similar statements for evidence of suspicious activity. Customers should also obtain free copies of their credit reports.

Consumers who wish to file a complaint may contact the Office of the Attorney General at (800) 252-8011 or do so online at www.oag.state.tx.us, where they can also obtain information on identity theft detection and prevention.

FOR OTHER ITEMS ASSOCIATED WITH ATTORNEY GENERAL ANNOUNCEMENTS, ACCESS OAG NEWS RELEASES ONLINE AT WWW.TEXASATTORNEYGENERAL.GOV.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Knowledge of the law is an essential part to business success…

Shredding – Can you afford not to?