OutputLinks columnists are leading HVTO experts. Our columnists regularly publish insights and thought leadership on the latest management and technical topics related to rapidly changing HVTO industry.

Into the Breach – Again!

By Pete Basiliere, Gartner

One security breach of your high volume transaction output (HVTO) operation is no laughing matter. Three within a year is unthinkable. Yet, as I warned before, it can happen to you.

Just last month a Wisconsin State Department of Health and Family Services mailing produced by Electronic Data Systems Corp. exposed constituents’ Social Security numbers (SSNs) on the address labels of nearly 500,000 pieces of mail, some 260,000 of which were mailed before EDS noticed the problem and stopped the job. And two weeks later, the Wisconsin Department of Revenue acknowledged a 5,000 piece mailing to taxpayers had SSNs showing through the address window. Both security breaches occurred within thirteen months of a 171,000 Department of Revenue mailing produced by an outsourcer that also had taxpayer SSNs exposed.

I cannot stress strongly enough the very real possibility this could happen to any – to your – HVTO operation. These security breaches underscore the need for you to place equal emphasis on securing business and customer data — whether produced in-house or outsourced. Missing or ignored security best practices, poor document design and inadequate print/mail production tools will put your customers' data at risk and, therefore, jeopardize your company's reputation and business.

Sound document design, utilization of printers and inserters with intelligent scanning capabilities, and enforcement of quality and security assurance best practices minimize the opportunity for print and mail-related breaches. Here are three concrete steps you can take:

·         First, restrict the use of SSNs to highly protected and confidential applications that absolutely must use this identifier.

·         Second, implement and enforce sound document design practices to ensure confidential information will not appear in the address block, even when the form is misfolded.

·         Third, employ Automated Document Factory 2.0 software and hardware tools both in-house and at your suppliers’ facilities, as well as regular employee training on security best practices, in your operation.

As a manager, you appropriately focus on preventing high-tech attacks on your company’s IT infrastructure. However, poor process controls, human errors and equipment problems at an outsourcer as well as your internal operations may leave customers’ and constituents’ confidential information exposed to the theft. Regularly assess the security of print and mailroom operations, both internal and external, and implement the security best practices that will keep your company’s name – and possibly yours – out of the headlines.