After you shred your confidential documents, what do you do with them? Police are investigating after some of the confetti at last week’s Macy’s Thanksgiving Parade in New York City was apparently produced from the confidential records of the Nassau County Police Department (NCPD).
Parade spectators reported seeing confidential information such as Social Security and license plate numbers, names of NCPD officers, information from arrest records, and even information about a motorcade for Mitt Romney when he was the Republican presidential candidate in the confetti that littered the streets after the parade. From photos in the many, many news reports on this topic, it appears the confidential confetti was in the form of paper shreds from a strip-cut shredder instead of the more secure paper particles that a cross-cut shredder would produce.
According to New York TV station WPIX-TV, a NCPD employee brought the confidential confetti to the parade. Needless to say, the force is reviewing its procedures for disposing of sensitive documents. Meanwhile, according to a New York Post story, Macy’s uses “commercially manufactured, multicolored confetti not shredded, homemade or printed paper of any kind in the parade.”
It will be interesting to monitor this story, particularly the circumstances surrounding the confetti’s creation and use.
But regardless of how the story unfolds, there’s a lesson for all organizations here: it is not enough to shred confidential information – you have to shred it beyond the point of legibility and reconstruction – and you have to ensure the shreds are securely disposed of.
