A Spotlight on Secure Document Destruction 

Recently, according to several sources, including MSN, Bank of America’s third-party data destruction vendor experienced a breach.

Documents containing personally identifiable information (PII), intended for shredding, were discovered in unsealed containers outside the vendor’s location. 

The old saying, “hindsight is 20/20,” rings painfully true. It’s always easier to spot the flaws in procedures after a security lapse has occurred. 

However, this breach inspired me to reflect on the impressive security measures I’ve observed during audits of collection agencies and repossession vendors.

Let’s take a moment to highlight their proactive approaches to secure document destruction. 

Best Practices in Action: What Secure Vendors Get Right 

  • Limited Print Capabilities
    • Only employees with a specific need to print have access to printers.
    • Remote workers are restricted from printing entirely.
  • Controlled Access to Shred Bins
    • Only one designated employee holds the key to the shred bin.
    • If the bin must be opened due to an error, two people must be present to witness the process.
  • Strict Vendor Protocols
    • Shred vendors are required to sign in as visitors.
    • They are escorted by an employee at all times while inside the building.
  • On-Site Shredding with Oversight
    • The shredding process is conducted at a shred truck, usually stationed in the parking lot, where an employee monitors the destruction from start to finish.
  • Surveillance for Full Accountability
    • The entire shredding process is monitored by security cameras.
    • Surveillance covers both the activities within the building and the shredding process outside at the truck.

Going the Extra Mile: Auditing in Action 

When I am on-site during a scheduled shred day, I personally follow the shred company’s process from start to finish.

If I’m there on a non-scheduled day or conducting a remote audit, I request and review the most recent camera footage of the shredding procedure. 

End Notes 

Data security isn’t just about having a policy in place — it’s about enforcing those policies with consistency, oversight, and accountability.

The recent breach serves as a sobering reminder of what can go wrong, but it also shines a light on the organizations that are getting it right.

Let’s continue to learn from these incidents and double down on the practices that keep sensitive information safe. 

Would your organization pass the shred test? If there’s any doubt, now is the time to re-examine your processes. 

And since we are talking about physical security here, this is probably a good reminder not to put your password on a sticky note!

Author: Bev Evancic

Bev.Evancic@ResourceManagement.com

Bev Evancic is a Senior Vice President at Resource Management Services, Inc.  Prior to employment at RMS, Bev worked as the Collection and Recovery Manager at AT&T Universal Card, Citi, and Federated Department Stores. Bev started in the collection industry as a collector at an upscale clothing store in Cincinnati, Ohio. As a returned check and private label credit card collector, Bev gained a basic understanding of the collection industry that has not changed with the introduction of regulations. Her collection philosophy begins with the idea that businesses and customers benefit from preserving the customer relationship. First, collectors need to attempt to contact customers when it is convenient for the customer to discuss his/her financial condition and willingness/ability to pay. Second, you never collect money by intimidating or threatening customers. Third, businesses must make sure the debt is valid. 

She has managed all phases of collection and recovery operations, including automated dialer units, bankruptcy and legal units, skip tracing units, internal collections, outside collection agency networks, and Consumer Credit Counseling. As a Consultant for Resource Management Services, Inc., Bev has spearheaded collection and recovery best practices reviews for many top credit grantors. Her articles on dialer operations, agency management and bankruptcy best practices have been widely publicized.

She is well known and regarded as a specialty expert in the areas of: Repossession, Bankruptcy, Estate, Litigation, as well as Pre- and Post- Charge-off. Prior to joining Resource Management Services, Inc. in 1995, Bev managed the Recovery Department for AT&T Universal Card Services where she developed the bankruptcy, probate, internal and litigation processes. 

She is the author of “Recovery Management: Collecting the Uncollectible Account.”