20 Jan 2017

Mass mailing mistakes and how to avoid them this tax season


mail theftWith tax season approaching, many businesses are pulling together mass mailings to send out to customers. The information these mailings contain is likely pretty sensitive – names, addresses, social insurance numbers and financial details. You don’t want it falling into the wrong hands!

Every year, a number of Canadians contact our Office to complain because they received sensitive financial information that does not belong to them. A number of businesses also reach out to our Office to report related breaches.

You can take precautions to prevent printing or mailing errors that can cost your customers dearly and tarnish your reputation as good stewards of personal information:

AVOID PRINTING ERRORS

Coding errors are a frequent cause of breach reports to our Office involving misdirected mail. Businesses, and the third parties they outsource printing services to, need to make sure that printers are properly programmed and paper is not misaligned. Failing to do so could result in a customer receiving two copies of their own financial record and a third copy full of personal, sensitive information belonging to someone else.

Have a robust spot-check system in place, especially when outsourcing printing services.

And if a breach occurs, have systems and policies in place to respond appropriately:

CONFIRM DESTRUCTION: If, despite all your safeguards, the sensitive information ends up with the wrong customer, take steps to ensure it is destroyed. Trace the confidential document back to the individual who mistakenly received it. Tell them it was sent in error, that they should not disclose it to anybody else and arrange to have it returned or destroyed. It is in everyone’s interest to confirm destruction of the information and prevent its misuse.

NOTIFY AFFECTED CUSTOMERS: You should tell customers that their sensitive personal information was compromised. This will allow them to monitor their financial statements for unusual activity and to be on the lookout for identity theft. Make sure customers have an easy way to contact you – perhaps a 1-800 number – to discuss concerns. Where appropriate, provide free credit monitoring for a specified period.

PREVENT FUTURE ERRORS: Take the time to review your internal policies and procedures to prevent future errors and improve mitigation efforts when things go wrong. If you outsource printing to a third party, have a robust contract in place with clauses that specify procedures for protecting personal information.

For more tips, have a look at our guidance on avoiding breaches and responding to them when they occur.

You may also wish to have a look at a recent incident summary involving a financial institution that reacted quickly to a mass-mailing error.


Leave a Reply

If you wish to leave a reply, you will be asked to provide your name and e-mail address. Your e-mail address is required for the purposes of limiting spam and contacting you should we have questions about your comment.





To learn more about why this information is collected and how it will be used, please read our Blog Comment Policy.