The University plans to institute a new campus-wide policy on the proper disposal of private records, officials said.
The new policy follows a June incident in which the University discarded between 200 and 300 boxes containing private data into an open trash container near campus.
The boxes contained documents that included grades, Social Security numbers and loan information.
“We’re developing and will distribute guidelines about document destruction,” University General Counsel Mark Rotenberg said. “It’s not common to have a written document destruction protocol.”
The University’s previous policy, which administrators called “very good” in June, provided five general sentences describing proper document disposal.
According to that policy, the proper disposal of the documents was left to employees’ discretion.
The Minnesota Daily reported that documents were improperly discarded behind an office building located at 2221 University Ave. S.E. After that incident, it became clear the University needed a new policy, Rotenberg said.
The new policy has not yet been made available.
Identity theft
Identity theft is the fastest-growing crime in the United States, FBI Special Agent Paul McCabe said in June. Each year, 500,000 to 700,000 identities are stolen.
Identity thieves acquire personal information to illegally obtain credit cards, open bank accounts, order goods and services online, and commit crimes in other people’s names.
One of the most common methods used to steal private information is called Dumpster diving, when people root through garbage containers, McCabe said.
The documents discarded by the University in June included a myriad of information. Some of the documents were as banal as a memo announcing an anniversary, but others showed more sensitive data.
Some of the boxes contained medical records, confidential research, photocopies of checks and credit card numbers.
The Gramm-Leach-Bliley Act of 1999 empowers the Federal Trade Commission to monitor and fine institutions who improperly dispose of financial documents.
Rotenberg said he is unsure whether the FTC is investigating the University.
Because some documents about student loans were discarded, the University also established the Information Security Program in addition to their campus-wide disposal policy.
Rotenberg said the additional policy was necessary to safeguard financial documents. His staff conducted an investigation into the improper disposal and recommended creating the program.
The FTC requires institutions that deal in financial transactions, such as tuition payments, loans and loan applications, to have a disposal policy in place.
As part of the new policy, the University will conduct training for its staff on how to properly dispose of documents.
“We’re going to roll out a training program to the units that are most affected by this,” Rotenberg said.
The University offers secure recycling, shredders and off-site contract shredding when necessary.
Susan McKinney, director of record and information management, and head of the training programs, declined to comment for this story.
Nathan Halverson welcomes comments at [email protected]