Faithful readers should know by now that I get on kicks from time to time. Whether it is paperless office goals, continuing my education, or some other type of growth, I tend to make advances in waves. Recently I’ve noticed a lot of personal information security breaches in area businesses. In the era of stiff fines for HIPAA compliance breaches, security breakdowns are still rampant throughout medical communication. These problems aren’t limited to just medicine, though. The lack of security for non-medical transmission of sensitive, personal information remains a dangerous problem, too.

I have always heard that one of the biggest vulnerabilities to identity theft we have is the use of checks. The bold checking and routing numbers can easily be read through envelopes in the mail, and can be used with no authentication to purchase items online. While many banks have created convenient methods of online payment, there are still some situations which require the use of a check. For our convenience, vendors enclose a return envelope, however in many cases those envelopes are not “security envelopes”. It’s time for businesses and government agencies to wake up and stop tempting us with these insecure methods.

Security envelopes have a printed pattern on the inside that obscures the visibility of enclosed information. Because these envelopes require a printing process before folding in the assembly process, they are more expensive. However the use of these can greatly improve the security of an envelopes information. Because of this I am discarding the non-secure return envelopes and printing my own return envelopes when security is warranted.

I recently received a routine notice from the Employment Security Commission of North Carolina. Occasionally they will check the recent employment records of citizens of this state to verify the information on other paperwork in the system. I hire many temporary employees through the year, and they are treated as true employees while they work here (that’s another big irritation I have with NCESC, but that’s another post). Today I received a notice about a former “employee” which clearly states the citizen’s full name and social security in the header of the document. The letter asks me to verify the salary paid to this person, and return the document in the enclosed NON-SECURE return envelope!

When the completed form is correctly inserted into the envelope, this person’s full name and social security number are CLEARLY LEGIBLE from outside the envelope. This is unacceptable, especially from an agency that routinely handles some of the citizens’ most sensitive information while carrying the word “security” in their own name.

You can help spread the word with your business. If your business encloses return envelopes, make sure that information cannot be seen through the envelope. Also notify your vendors that you would like them to use secure envelopes by notifying their billing department by phone or in writing. In the least enclose a slip of paper with a such notice with your payment. For example:

Due to identity theft concerns, we are now asking all of our vendors to refrain from sending non-security return envelopes for payment. Any non-security envelopes will go unused, so please reduce waste by either utilizing a different, secure envelope design or excluding return envelopes altogether.

Perhaps such notices will help businesses realize the risk they are creating for their own customers. The fines for HIPAA breaches can be $50,000. Reprimands for personal information leakage in non-medical entities certainly aren’t as severe, but their information leaks can have just as devastating effects on customers. Let’s work to reduce these errors in the private sector before the legislature/congress is prompted to use their inaccurate, brute-force methods. In the meantime it would be nice if government agencies would adopt safe practices, too.