A Texas fitness center settled with the State of Texas over allegations that the fitness center allowed their customers’ sensitive personal information to be left in a trash area without adequate protection. The Texas Attorney General indicated that when the fitness center was moving one of their facilities, a filing cabinet containing personal-training contracts and personal information, including Social Security and driver’s license numbers, was found in a dumpster. Cornerstone Fitness Texas and the State of Texas stipulated to a final judgment and permanent injunction that bars Cornerstone Fitness from improperly disposing of records containing personal information and requires Cornerstone to pay $28,000 to the state. The stipulated order requires that when disposing of records that contain personal information, Cornerstone Fitness must modify the records to make the personal information unreadable, through shredding, erasing or other means. The court also ordered that Cornerstone Fitness adopt and maintain an Information Security and Safe Disposal Program to safeguard against the unlawful use, disposal, or disclosure of personal information. The stipulated judgment did not constitute an admission of liability.
TIP: If you collect and maintain personally identifiable information, be sure that you not only have measures in place to safeguard that information while it is in your possession, but also have a process in place to ensure that when you no longer need the storage media on which the data is stored (whether it is in paper or electronic form), the media are disposed of – and destroyed – in such a way that a third party cannot access the personally identifiable information.