The Federal Trade Commission reports over nine million people nationwide fall victim to ID theft each year. When we think of ID theft, the first thing that comes to mind is computer hackers—high-tech criminals with gadgets and gizmos that crack firewalls and steal the credit card numbers of online buyers.
Even though a record may be of no use to you and may have met all of its business needs, it remains your responsibility. Your duty of care over records extends from the time of their creation to the time of their ultimate destruction, no matter whose hands the documents or records pass into. Therefore, the controls that you establish must be capable of ensuring that risk is addressed at all stages of a record’s life.