Techdirt has a story where an individual received 34 credit cards belonging to others with his new card. The individual claims he had a great deal of difficulty getting anyone at Amex to deal with the issue. He was told at one time just to cut them up.

This illustrates 2 issues.

First – as we have seen many times before, a prompt and proper response to any alleged privacy breach is crucial. Every person in every business that has customer contact must be trained to spot privacy issues, and immediately bring them to the attention of the business’s privacy officer.

Second – what should be the proper response when something like credit cards or documents with personal information is sent to the wrong person? Is telling them to cut them up or shred them sufficient? Or should they request they be returned? At least if they are returned, the business will know exactly what was sent.

In either case, how would the business ever know if the material was actually destroyed, or that copies were not made?

Read the Techdirt post