CVS The Latest To Throw Away Customer Info, Including Credit Cards, SSNs... And Prescription Info

from the nice-work dept

Witty Nickname who alerted us to the Texas Attorney General's decision to sue Radio Shack for dumping into the trash all sorts of customer info has now submitted that the same Texas AG has also decided to sue pharmacy chain CVS for similar moves. Like Radio Shack, CVS employees were apparently dumping customer records in the trash where any dumpster diver could have picked up all sorts of useful info (if by useful you mean useful for identity theft). That included all the expected info: name, address, phone number, social security number and credit cards. Of course, since it's a pharmacy, it also included what prescriptions those customers happened to be taking. You would think with a large chain like CVS that protecting customer info (especially what pharmaceuticals customers were taking) would be something that wasn't just important, but was drilled into employees. Apparently not. Does this mean that CVS will now lose 77% of its customers? Somehow I doubt it.

Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Michael Kohne, 18 Apr 2007 @ 4:35pm

    HIPPA

    I bet this is worse for CVS than Radio Shack - CVS has HIPPA rules to follow (you know, that medical privacy law?). I'd be surprised if several other folk don't take an interest in CVS's operations now.

    reply to this | link to this | view in chronology ]

  • identicon
    insomniac4104, 18 Apr 2007 @ 5:27pm

    HIPPA is right

    I do database programming for a health care company. I had to go though hours of HIPPA training and pass an exam before I was allowed to even touch a query. Not to mention on top of it we are SOX compliant. If we though out medical records we would have our asses handed to us. We even have strict rules about husban/wife ect in the company because of the ablitlity to look at there healtcare and modify there own claims. How the fu*k did CVS get away with this crap.

    reply to this | link to this | view in chronology ]

  • icon
    lavi d (profile), 18 Apr 2007 @ 5:31pm

    Good Lord!

    I thought when I read the title, "The folks who maintain the Content Versioning System are careless with credit card info? Do they even need credit card info for some reaon?"

    http://www.nongnu.org/cvs/

    Guess that's what I get for being in front of a computer 16 hours a day.

    reply to this | link to this | view in chronology ]

  • identicon
    CubFx, 18 Apr 2007 @ 6:27pm

    Did anyone say HIPPA?

    Aren't HIPPA regulations supposed to protect consumer's health care information? It seems that the disposal of prescription information in an unsecured manner would be a serious violation/

    Unlike previous regulations, HIPPA was supposed to have teeth. Where are they?

    reply to this | link to this | view in chronology ]

  • identicon
    RandomThoughts, 18 Apr 2007 @ 7:04pm

    CVS will pay some fines on this one over the prescription information.

    reply to this | link to this | view in chronology ]

  • identicon
    Jon, 18 Apr 2007 @ 7:46pm

    I work for CVS

    I am a supervisor at a cvs and let me tell you it is drilled in their heads to not throw it away. If it was happening it should not be on all of cvs but the stores in question. We do not throw any of ours away. All garbage, all receipts, etc get put in a special bag. These bags do NOT go in the garbage. We better never catch an employee throwing this info away in the dumpster because we WILL fire them on the spot.

    I hate it when a small number of stores make the whole chain look bad. The store I work at which I can tell you is not in Texas, (I am not surprised it happened in Texas though) is very careful with all information.

    reply to this | link to this | view in chronology ]

  • identicon
    Nobody Special, 18 Apr 2007 @ 8:09pm

    HIPPA

    This has a lot of potential for major fines and penalties. I would not be surprised if someone goes to jail for it. If memory serves me correct, the penalty can be $10,000 and 10 years in jail for EACH infraction.

    I work doing tech support for a doctor's group. Anything that remotely relates to a patient is to be shredded including prints from test patient records. The cost is negligible compared to the cost of a single incident.

    reply to this | link to this | view in chronology ]

  • identicon
    Wizard Prang, 19 Apr 2007 @ 7:04am

    Just so you know...

    ... it's HIPAA

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 19 Apr 2007 @ 7:16am

    The fine may be $10,000 and 10 years in jail for each infraction but similar "penalties" are in place for other things but all that ends up happening is that the company pays a simple fine.

    Part of the problem is that EACH infraction is considered the act in whole, not EACH individual piece that was thrown out. Personally I think the fines and jail time would have much more impact AND actually get businesses attention if it was for EACH piece thrown out.

    reply to this | link to this | view in chronology ]

  • identicon
    Witty Nickname, 19 Apr 2007 @ 1:57pm

    Re: I Work for CVS

    I love how the CVS employee turned a story about Identity theft and carelessness of information regarding his company into an insult to Texans. Yeah, Texans are all dummies, imagine how much better this nation would be without all those pesty companies like Texas Instruments, Dell, Halliburton, Shell, Exxon....

    Well, he at least must be really smart, he managed to be an employee at CVS!

    reply to this | link to this | view in chronology ]

  • identicon
    Jon, 22 Apr 2007 @ 6:07pm

    Witty Nickname I'm sorry you took offense to my comments. I did not claim Texans were dumb I said it was not surprising it happened there. The four states things happen that cause big problems (Mainly because of media exposure) are California, Texas, Florida, and New York. I'm sorry if that offended you but you in essence did the same thing by blasting me. You sound to have a problem with the company from your remarks. I just graduated with a bachelors degree and an associates degree so I am not as "stupid" as you are inferring. However in my area jobs aren't abundant and I took what I could get. Being in a management position right after college is not a bad start.

    My point was that it is not all stores and the whole chain should not have to suffer for what few stores have done. I also pointed out that we take every precaution at our store not to have this info taken. It is held IN the store at a special location and taken from the store by a truck which then takes it to an area mandated by the state where it can be incinerated. Almost all information goes into this area. Anything that has a customers NAME even goes in these areas.

    Once again I apologize if you took offense.

    reply to this | link to this | view in chronology ]

  • identicon
    Wayne, 25 Apr 2007 @ 10:20pm

    I love it!

    I have absolutely no idea what y'all are talking about, but whoever the author of this piece is linked "Witty Nickname"(Very first words of this story) to my monthly Podcast(www.waynecast.com). I feel violated. Not really. It's kinda fun. And perhaps I will post this on my waynecast in May. Don't forget to call into the waynecast.com 281-754-4663!!! See ya!!

    reply to this | link to this | view in chronology ]

  • identicon
    plastic molding, 5 May 2009 @ 7:46am

    CATV

    After decades of proving that women are equal to men, relationships between guys and girls are very progressive. You’ll usually see China printing men looking after the babies, putting them in prams and taking them for walks while the mum goes off to work and earns the living.” We were introduced to another scaffolding second set of Kiwi pals—Greg and Wendy—through a friend’s of Holly’s from back home in Syracuse.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Close

Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Show Now: Takedown
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.