Related to:
Oct. 24 2012 10:13 AM

I noticed a couple more news stories lately about privacy breaches involving mailing pieces. I know it seems strange for someone who has spent their career in the mailing industry, but I actually seek out reports like these and have accumulated quite a collection. The reason behind this ghoulish hobby is to learn from the mistakes of others so I can help our consulting clients avoid the embarrassment and financial impact of making the same kinds of errors.

In one recent case, a large insurance carrier printed social security numbers that were visible through the window of the mailing envelopes. They paid $150,000 to the state and offered to pay for a year's worth of credit monitoring services for the 33,000 individuals affected.

Social security numbers were the nemesis of another organization that made it into my "What Were They Thinking?" file. A university sending out postcards reminding their employees about annual benefit enrollment printed the private information right below the address on the front of the cards. There was apparently no fine involved, but university workers will be eligible for a year's worth of credit monitoring services. Even though only 9,000 employees were affected, the credit-monitoring cost to the school could be substantial.

It seems credit monitoring has a better growth potential than mail these days!

It's Not Just the Hackers
Many of us think about security breaches in the context of international criminals who are actively trying to steal identities. Those invasions definitely happen. But the incidents like those described above are probably more common. Guarding against accidental breaches should be a focus for document operations.

Consider situations like these and ask yourself if they could happen in your shop:

Stolen computers or drives - How often do programmers or others in your organization take work home with them? Once it leaves your environment (often without authorization) sensitive data can be at risk.

Improper disposal - Documents containing private information have been discovered in dumpsters or trash bags. What happens to the test print you created using live information or to damaged documents that get reprinted? It might be your policy to shred them, but are you sure that happens every time? I've seen employees take reams of documents awaiting pick-up by the shredding vendor home with them so their preschoolers can color on the back!

Unsecure document deliveries - Do you deliver output to your customers? Are the pages locked up or are they stored in cartons and stacked in the reception area or the receiving dock which may be unobserved for long periods of time?

Document composition errors or data mix-up - We've seen countless stories where data from one person got merged with another's name and address. Besides inaccurate matching logic, jams that cause duplexing to get out of sync, pages that get jumbled, and inserter read errors are just a few ways these kinds of mistakes can happen.

Not as Foolproof as You Think
I have had conversations with operations managers who tell me they had nothing to worry about because they had barcodes on their documents. After a little probing, they reveal that the barcodes upon which they are staking their reputations are OMR (optical mark recognition) - a series of hash marks that do NOT guarantee document integrity and have no tracking functionality.

In most document operations workflows there are dozens of ways that security breaches can occur. Many can be prevented. Those that cannot be prevented can be caught before the damage is done. Establishing procedures for handling sensitive data and documents, quality control, training, and continuous reinforcement can be an adequate first line of defense.

It's Not Just SSN's
The accidental breach of any kind of information that might be considered private or sensitive by mail recipients can cause a lot of grief. Today's trend of individualized and targeted messaging means we're using more personal and demographic information as segmentation criteria or variable data in documents. This increases the risk, even on applications like direct mail marketing, where production controls have been relatively loose in the past. Security awareness should probably be heightened in document centers of all kinds. Operations that ignore the risk are putting their companies, their reputations, and their jobs on the line.

Mike Porter is President of Print/Mail Consultants, an independent consulting firm that helps companies nationwide be more productive, adapt to changing requirements, and lower costs in their document operations. For more ideas about how to make mail work for you, connect with Mike directly at Or visit and sign up for Practical Stuff - the free newsletter dedicated to document operations professionals.