Ray Boone, Deseret News
HOLLADAY — David Shell is outraged.
Files containing clients' Social Security numbers and bank account information were found dumped outside the former office of Thomas Rasmussen near 4700 S. Highland Drive. One of those files contained Shell's information.
“I don’t believe it,” he said. “They should not be able to just take a receipt book and throw it in the garbage out behind their business.
“That’s still a valid bank account,” he said, looking at a ledger with his bank information from more than 10 years ago.
KSL pulled one box out of the Dumpster and then notified the Utah State Bar. It recovered eight more. Files in the boxes — all at least a decade old — were secured and are being destroyed.
“This is big. This is a violation of my privacy and of my security,” Shell said. "You just don’t know what’s going to come back to bite you.”
Rasmussen said he wasn’t sure how the files left the office and that a plumber doing work in the building may have thrown them out to clear a crawl space. Rasmussen was disbarred a few years ago and said he no longer works in the legal business.
Scott Morrill, program manager for the Identity Theft Reporting Information System with the Utah Attorney General's Office, said leaving that information could really cause damage to a person’s credit or finances.
“When they put them in the trash like this, it allows anybody to obtain that information,” Morrill said. “And once they obtain the Social Security number, they can basically do whatever they want. They could set up accounts, file tax returns, (and) obtain credit cards."
State statute requires businesses to notify customers of electronic data breaches, but if the data are on paper and it is stolen or discarded, there's no such requirement.
“It’s not covered under this data breach statute because it’s not computerized data. It’s not data on a hard drive,” Morrill said.
That doesn’t mean victims can’t take civil action, he said.
“If they become a victim, they might want to contact their own attorney,” Morrill said.
Business owners should have a policy on how to handle personal information, he said.
“It should be kept in an encrypted form, on a computer hard drive or some sort of storage device, behind firewalls and not kept out in the open,” Morrill said.
The company should also have a policy in place on how to destroy and remove those documents, he said.
“This involves a lot of my life,” Shell said. “This can affect my whole life, and somebody that you should be able to trust, like an attorney, should not be able to just disregard your privacy and your information."
Contributing: Viviane Vo-Duc
- Profane and acclaimed: 'The Book of Mormon'...
- LDS Church 're-evaluating' Scouting program...
- Which U.S. cities are the best for upward...
- Canceled Utah race renews fears of shrinking...
- Is report on building prison in Draper...
- About Utah: Thousands served by one good idea
- Sandy mailman's plea for books gets worldwide...
- Doug Robinson: Gifts of life bring joy to 2...
- Mike Lee plotting tricky maneuver to... 84
- Does secret southern Utah meeting mean... 52
- Profane and acclaimed: 'The Book of... 45
- LDS Church 're-evaluating' Scouting... 33
- Is report on building prison in Draper... 30
- Mike Lee pushes forward with plan for... 15
- Most Utahns oppose Supreme Court ruling... 13
- Mural on side of restaurant violates... 12