AVP Article - Dumpster Diving for Fun and Profit

Dumpster Diving for Fun and Profit
by Kevin McLaughlin, Assistant Vice President for Information Security & Special Projects, University of Cincinnati

“Dumpster diving, rather than the physical diving implied by its name, is actually more along the lines of fishing - it is as relaxed or competitive as desired, follows many seasonal trends and localizations, is an excellent social activity, and may just leave you with something interesting. Dumpster diving consists largely of rummaging about through others' trash. It at once allows you to challenge and take advantage of the fact that people as a whole are very, very wasteful. And while poking through your neighbor's trash this very moment would be a perfectly acceptable, if perhaps somewhat awkward, dive, there is a fair amount to know in order to keep the diving experience safe, enjoyable, and fruitful.”
 - Durkie

In our electronic society information flows freely. We are bombarded almost daily by news reports of data or identities being stolen and then used to take money from financial institutions or individuals.

Because of these electronic influences and news reports we often forget that hard copy document disposal and protection is just as important as the disposal and protection of electronic data. During a recent bout of dumpster diving conducted by the UC Information Security department, we found thousands of documents that contained sensitive and regulated data. For obvious reasons, I will not go into details in this article but it is important that, as a community, we understand that a greater level of diligence is required on our part when discarding paper documents that contain sensitive or regulated information.

I encourage you to carefully evaluate the hard copy documents you dispose of and make sure that they do not have SSNs, student information, grades, or financial data on them. If you need to dispose of papers that contain sensitive information you should shred them or place them into a locked recycling container that will be emptied by a bonded disposal agency. Further, periodic checks of the container should be done to make sure that the paper does not pile up high enough to allow someone to reach in and take papers out.   

Kevin L. McLaughlin
CISM, CISSP, PMP, ITIL Master Certified
Assistant Vice President for Information Security & Special Projects, University of Cincinnati
University of Cincinnati
513-558-ISEC