CVS The Latest To Throw Away Customer Info, Including Credit Cards, SSNs... And Prescription Info

from the nice-work dept

Wed, Apr 18th 2007 3:44pm — Mike Masnick

Witty Nickname who alerted us to the Texas Attorney General's decision to sue Radio Shack for dumping into the trash all sorts of customer info has now submitted that the same Texas AG has also decided to sue pharmacy chain CVS for similar moves. Like Radio Shack, CVS employees were apparently dumping customer records in the trash where any dumpster diver could have picked up all sorts of useful info (if by useful you mean useful for identity theft). That included all the expected info: name, address, phone number, social security number and credit cards. Of course, since it's a pharmacy, it also included what prescriptions those customers happened to be taking. You would think with a large chain like CVS that protecting customer info (especially what pharmaceuticals customers were taking) would be something that wasn't just important, but was drilled into employees. Apparently not. Does this mean that CVS will now lose 77% of its customers? Somehow I doubt it.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

13 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Michael Kohne, 18 Apr 2007 @ 4:35pm

HIPPA
I bet this is worse for CVS than Radio Shack - CVS has HIPPA rules to follow (you know, that medical privacy law?). I'd be surprised if several other folk don't take an interest in CVS's operations now.
[ link to this | view in chronology ]
insomniac4104, 18 Apr 2007 @ 5:27pm

HIPPA is right
I do database programming for a health care company. I had to go though hours of HIPPA training and pass an exam before I was allowed to even touch a query. Not to mention on top of it we are SOX compliant. If we though out medical records we would have our asses handed to us. We even have strict rules about husban/wife ect in the company because of the ablitlity to look at there healtcare and modify there own claims. How the fu*k did CVS get away with this crap.
[ link to this | view in chronology ]
lavi d (profile), 18 Apr 2007 @ 5:31pm

Good Lord!
I thought when I read the title, "The folks who maintain the Content Versioning System are careless with credit card info? Do they even need credit card info for some reaon?"

http://www.nongnu.org/cvs/

Guess that's what I get for being in front of a computer 16 hours a day.
[ link to this | view in chronology ]
CubFx, 18 Apr 2007 @ 6:27pm

Did anyone say HIPPA?
Aren't HIPPA regulations supposed to protect consumer's health care information? It seems that the disposal of prescription information in an unsecured manner would be a serious violation/

Unlike previous regulations, HIPPA was supposed to have teeth. Where are they?
[ link to this | view in chronology ]
RandomThoughts, 18 Apr 2007 @ 7:04pm

CVS will pay some fines on this one over the prescription information.
[ link to this | view in chronology ]
Jon, 18 Apr 2007 @ 7:46pm

I work for CVS
I am a supervisor at a cvs and let me tell you it is drilled in their heads to not throw it away. If it was happening it should not be on all of cvs but the stores in question. We do not throw any of ours away. All garbage, all receipts, etc get put in a special bag. These bags do NOT go in the garbage. We better never catch an employee throwing this info away in the dumpster because we WILL fire them on the spot.

I hate it when a small number of stores make the whole chain look bad. The store I work at which I can tell you is not in Texas, (I am not surprised it happened in Texas though) is very careful with all information.
[ link to this | view in chronology ]
Nobody Special, 18 Apr 2007 @ 8:09pm

HIPPA
This has a lot of potential for major fines and penalties. I would not be surprised if someone goes to jail for it. If memory serves me correct, the penalty can be $10,000 and 10 years in jail for EACH infraction.

I work doing tech support for a doctor's group. Anything that remotely relates to a patient is to be shredded including prints from test patient records. The cost is negligible compared to the cost of a single incident.
[ link to this | view in chronology ]
Wizard Prang, 19 Apr 2007 @ 7:04am

Just so you know...
... it's HIPAA
[ link to this | view in chronology ]
Anonymous Coward, 19 Apr 2007 @ 7:16am

The fine may be $10,000 and 10 years in jail for each infraction but similar "penalties" are in place for other things but all that ends up happening is that the company pays a simple fine.

Part of the problem is that EACH infraction is considered the act in whole, not EACH individual piece that was thrown out. Personally I think the fines and jail time would have much more impact AND actually get businesses attention if it was for EACH piece thrown out.
[ link to this | view in chronology ]
Witty Nickname, 19 Apr 2007 @ 1:57pm

Re: I Work for CVS
I love how the CVS employee turned a story about Identity theft and carelessness of information regarding his company into an insult to Texans. Yeah, Texans are all dummies, imagine how much better this nation would be without all those pesty companies like Texas Instruments, Dell, Halliburton, Shell, Exxon....

Well, he at least must be really smart, he managed to be an employee at CVS!
[ link to this | view in chronology ]
Jon, 22 Apr 2007 @ 6:07pm

Witty Nickname I'm sorry you took offense to my comments. I did not claim Texans were dumb I said it was not surprising it happened there. The four states things happen that cause big problems (Mainly because of media exposure) are California, Texas, Florida, and New York. I'm sorry if that offended you but you in essence did the same thing by blasting me. You sound to have a problem with the company from your remarks. I just graduated with a bachelors degree and an associates degree so I am not as "stupid" as you are inferring. However in my area jobs aren't abundant and I took what I could get. Being in a management position right after college is not a bad start.

My point was that it is not all stores and the whole chain should not have to suffer for what few stores have done. I also pointed out that we take every precaution at our store not to have this info taken. It is held IN the store at a special location and taken from the store by a truck which then takes it to an area mandated by the state where it can be incinerated. Almost all information goes into this area. Anything that has a customers NAME even goes in these areas.

Once again I apologize if you took offense.
[ link to this | view in chronology ]
Wayne, 25 Apr 2007 @ 10:20pm

I love it!
I have absolutely no idea what y'all are talking about, but whoever the author of this piece is linked "Witty Nickname"(Very first words of this story) to my monthly Podcast(www.waynecast.com). I feel violated. Not really. It's kinda fun. And perhaps I will post this on my waynecast in May. Don't forget to call into the waynecast.com 281-754-4663!!! See ya!!
[ link to this | view in chronology ]
plastic molding, 5 May 2009 @ 7:46am

CATV
After decades of proving that women are equal to men, relationships between guys and girls are very progressive. You’ll usually see China printing men looking after the babies, putting them in prams and taking them for walks while the mum goes off to work and earns the living.” We were introduced to another scaffolding second set of Kiwi pals—Greg and Wendy—through a friend’s of Holly’s from back home in Syracuse.
[ link to this | view in chronology ]