Confetti Crisis: Don’t Let Poor Security Rain on Your Parade
There's much to learn from an unusual security breach at the Macy’s Thanksgiving Day Parade. First up: Check your association security procedures.
It was a different kind of confetti that rained on the Macy’s Thanksgiving Day Parade last week, leading to an in-depth investigation of a local police department.
According to the Los Angeles Times, this so-called “secret confetti” contained snippets of Social Security numbers, phone numbers, and license plate numbers. A few paradegoers even noticed details regarding former GOP presidential candidate Mitt Romney’s campaign motorcades. The shredded bits of paper seem to have come from the Nassau County (New York) Police Department, which has since released a statement with its concerns about the document dump. Now, the police department promises to review its procedures for disposing of sensitive materials, such as shredded police reports.
Time to listen up: Though the incident was quirky, it’s one that associations and other businesses should take seriously. As entities that hold valuable, often private information about members, associations need data security from top to bottom.
Don’t get compromised: S. Keith Moulsdale of the law firm Whiteford Taylor Preston gives a similar warning in his blog post “Are Assocations and Nonprofit Organizations the Next Big Target for Cyber Attacks?” “However it happens, a security breach can compromise the personal information of your employees or members and have drastic, negative effects on your mission and reputation, leaving you stunned and the world angry at you,” he says.
Make a plan: So what’s an association to do? Moulsdale offers some suggestions: A regular audit of security practices to determine how your association collects and shares personal information can help point out leaks in the system, while knowing state law for confidential information can help focus your working plan. Possibly most important? Prepare a “just-in-case” scenario in the event data gets leaked. Have a plan for who to contact and how to deal with the bad publicity.
What are you doing to keep your membership data safe? Do you have a backup plan? Tell us in the comments.