Paper and data security for professionals who handle sensitive client information

If you are in a profession in which you collect paperwork on your clients – for example, an accountant, attorney, financial advisor, or psychotherapist -- you may have paperwork in your home that could cause a lot of trouble if it fell into the wrong hands. 

At this point, we all know someone who has been a victim of identity theft. One friend of mine found that his tax refund had been directed to someone else’s account. It took him several years to collect the funds. Another friend’s email account was broken into. Posing as her, the hacker sent an email to her financial advisor and directed that a large sum of money be transferred to a new account.

It is hard to believe now, but our social security numbers used to appear on all kinds of paperwork. We have come across countless boxes of old pay stubs collected by our clients, with their social security number displayed right at the top of each stub. Some bank statements and medical records used to include them too.

I wish the IRS would find a way to encrypt our social security numbers on their documents, but they still appear on W-2s and on forms that need to be signed and submitted each year to process taxes.

The only solution is to stay on top of papers as we collect them, and not let the stacks of paper ever get so large that we lose control over them. 

Debby and Stan’s son, Mark, hired us to clear out a lot of the stuff that had accumulated in their Brooklyn home because he planned to renovate it for them. He intended to convert part of the ground floor into a large bedroom with a bathroom so they could eventually live entirely on this floor and not have to worry about stairs. This would allow Debby and Stan to age in place and avoid having to move in the future.

It was a great idea and we were happy to work with them. They were attached to their things, but they were not hoarders. Just heavy collectors. The main problem was that they ran their joint accounting practice out of the house and the business files had taken over a lot of space.

Stan was using what was once a beautiful formal dining room as his office, and Debby was using an enclosed porch that must have once been a lovely place to have breakfast, as hers. Both workspaces were packed with files, but the files in these workspaces were no match for the files in the basement. There, they had stored more than forty years of files from former and present clients. 

As we toured the basement the first time, I could see, without opening a single box or file, the names and social security numbers for many of their clients. They were scattered all over the place, in random piles.

I quickly realized how easy it would be for anyone entering the house to collect -- without much trouble at all-- enough private information on these clients to get away with some lucrative identity theft. 

As we worked with them, both Debby and Stan could see the need to shred all past client files and to secure the current files. We wound up bringing our on-site shredder to the house four or five times. This company has a shredder on their truck and you can watch your papers get pulverized right there on the street. It’s an activity I find oddly comforting. 

If you are in the position of keeping financial or tax records for your clients, you have a responsibility to protect this information. You are a steward of your client’s paperwork and, as such, you should stay on top of technology and find ways to handle their data and information with discretion and security.

The solution might be that you should not be keeping paper files on anyone. Or you keep just what you need and store them in locked cabinets. In this case, you should prepare a calendar of how long you will hold onto each client’s information, and you should have a clear policy for destroying your copies of their files after a stated period of time.

At the very least, you do not want to leave boxes of this sensitive information in your home to be dealt with haphazardly after you die. You should have a clear plan for them which has been expressly stated to your heirs. This will prevent them from suddenly finding themselves the caretaker of strangers’ sensitive information.

If you are keeping digital files with client information, you have the same responsibility – to protect the data you have. Please don’t think that because something is on your laptop it is safe from prying eyes. There are apps, services, and backup drives that you can use to manage data securely. And password managers are a hugely important tool. This article from the Wirecutter gives a great overview of some of the options available: Back up and secure your digital life.

It's a chore to keep on top of this data. But setting clear guidelines makes it a lot easier than finding yourself having to deal with it all at once. Or, worse, cleaning up a data breach.

Paper and data security paper shredder image sensitive data