Dumpster Diving


Part 1 – 3: Terms and Definitions for Dumpster Diving

| Term | Definition |
|---|---|
| Dumpster Diving | Searching trash for important details about someone |
| Spam | Unsolicited and unwanted junk via mail |
| Impersonation | Pretending to be another person for the purpose of fraud |

Many people tend to throw away anything they receive in the mail that is not important to them or that they consider spam. Spam sent through the mail, even junk mail, can include a great deal of important information about someone, including address, first and last name, monthly statements, and offers such as new credit cards, loans, and memberships to places you have been. Someone could easily search your trash or grab trash bags to find all of this sensitive information and apply for credit cards and the like in your name. Applying for credit cards under your name while pretending to be you is a form of impersonation and identity fraud; the process of searching through someone else's trash is called Dumpster Diving.

It is crucial that businesses use shredders to destroy documents, or use government-grade wiping to keep equipment such as hard drives and USB drives from being read after it is decommissioned. Most regulatory laws require businesses to follow certain procedures when throwing away printed employee or client information. Likewise, data stored on hard drives that are then either destroyed or wiped must go through a sanitization process, which includes formatting and erasing all content on the drives and then either puncturing the disks or melting the drives. These requirements were provided by the DoD 5220.22-M document from the U.S. Department of Defense. That document is no longer in use and has been superseded by a new document, NIST SP 800-88 (Guidelines for Media Sanitization), which you can obtain from https://csrc.nist.gov/publications/detail/sp/800-88/rev-1/final. Other regulatory compliance laws include:

  • HIPAA (Health Insurance Portability and Accountability Act): HIPAA details the proper disposal of PHI on paper and electronic media. Degaussing before physically destroying is a critical step in the disposal of data on hard drives. Only a degaussed hard drive is truly erased of sensitive data.
  • FACTA (Fair and Accurate Credit Transactions Act): FACTA details the protection and disposal of consumer reports such as credit reports, credit scores, employment background, etc., whose exposure could result in identity theft.
  • FISMA (Federal Information Security Management Act): FISMA helps strengthen the security of government information. This compliance details the requirement that all magnetic media be degaussed for disposal.

Some easy ways to prevent dumpster diving include using a lock and key for both indoor and outdoor bins. Not all dumpster diving occurs outside the building. Trash bins inside the office are usually not protected and could easily be sifted through by another employee or a client. Another viable option is to shred or burn documents. Depending on how sensitive the information is, shredding the documents can only do so much. If someone truly wants to find out the information on a document, they may have the time to piece together shredded documents. The ultimate option is to burn anything you absolutely do not want anyone to see or have access to again.