Serious question for those of you who work at large corporations....

We were informed LATE today, that we are supposed to
"purge" all paperwork containing customer financial
information.

For 6 years, I have been keeping records of financial
transactions in my file. Credit card numbers were
typically included on the front page of all contracts
paid by credit card. If deposits were made by check,
we copied the check and kept it in our files.

About 6 months ago, we converted to a "paperless"
system, and we now must electronically approve every
credit card transaction and get an approval number,
which is included on the contract.

We were told today that we may not make copies of
checks. We have been told to clean our desks of all
paperwork that does or MAY contain financial information
BY MONDAY.

My company has offices in 48 states, and we were told
that this is a corporate order. Shredders will be on site
Monday.

My question is, are any of you folks going through or
have you already gone through this "purging" of financial
information?

Management claimed "the banks" were making us do this.
Its a pain, because I either have to dump ALL of my files
(my only protection in case I get accused of an error),
or I have to go through THOUSANDS of files on my customers
and pull out anything with copies of numbers or checks.
And most of the stuff is stapled in packets.

:puke:

I'm just trying to figure out if this is
going on around the country, as a "fraud
prevention" measure, or if something is
going to go down (as in our company being
purchased by another entity, or something
equally unlikely....)

from your company on why exactly you are being asked to do this.

I do not want to raise any undue alarm...but I was in a situation where I narrowly escaped being held personally responsible for actions taken by my company.

My company directed me to shred records.

I took them home instead.

its because of credit fraud.
That we can't have these bank
and credit card numbers accessible.

This wasn't a problem until now.....

I know from experience that you personally can be held responsible in a court of law for doing something on the behalf of your employer that you should have known was wrong.

So, if it smells funny at all to you...don't do it, but say you did. That's why I took the records home. I knew why they were asking me to destroy them, but I didn't want to lose my job. So, I snuck them out a little each day, in case push ever came to shove.

Thanks for the info...I haven't done
anything illegal (that I know about)....

It make me really nervous that I can't
keep files anymore...everything is done
on laptops and sent immediately. We could
be walled off from copies of things that
we need to prove we entered the correct
information. My paper copies have saved
my butt in the past when customers or
corporate have disputed my paperwork.

I really wonder if other companies are
this paranoid about financial info in
their files.....

You may be able to get big bucks if you become a whistle-blower...

I tend to be paranoid about big corporate stuff like that.

At the same time, there was what seemed to be a pretty damn universal breach of card numbers here fairly recently, which seems to have really put the fear of god into a lot of financial institutions. Though I am scratching my head, one of my recalled Card numbers (credit union check card, no less) I used literally only one time in the 3 years I had it, and that at the local branch of the CU. I have also noticed that where I normally get about 50/50 checking on my "see ID" marked cards, for the last 2 weeks its been near universal. Could just be coincidence.

Maybe the banking/credit card industry
is finally cracking down on the fraud....

I mean, they have been taking a huge publicity hit for months now. Who in the public is really going to distinguish between the financial institution that foreclosed on their brother, the one that charges their neighbor huge fees for over-drafting, and the one that lost their credit card number to potential identity thieves? And given the number of cards from diverse sources that seem to have been effected, it must have been one massive breach.

If the issue simply involves credit card numbers, this may be a legitimate request in an attempt to avert identity theft now that you have gone to an electronic system.

Maybe the banks do not want the numbers laying around in a hard file....similar to what was said above.

I'm really ticked off at the Monday deadline, as
most of my co-workers weren't even around at the
end of the day on a Friday, and will most likely
be informed via e-mail over the weekend.

(Sorry if you answered this above already)

Although they vomit e-mails all day long....

I expect there will be an e-mail sent out
this weekend.

One of the managers told me... "Oh, the
west coast "purged" a month ago...they were
horrified that we still had stuff on-site."

Something in writing would seem appropriate....

we've had this stuff around for YEARS,
why does it have to be destroyed, like,
yesterday all of a sudden?

and I can't say that I blame you.

It is hard to give advice on complicated issues on a message board...just use your intelligence, ask questions, and be careful.

as my employment is tedious at best. My wife though works for a very large corporation and I know she hasn't gone through anything that you have detailed out in your OP. The only instance of transgression that she has witnessed this year was extreme, hard, and very cruel layoffs.

I can't believe in this day and age you've been allowed to keep sensitive confidential financial information about your customers on your desktop and on paper. This is an enormous risk. Your company will lose its PCI compliance (Payment Card Industry) and the credit card companies are probably threatening to stop doing business with you. If any of your customers live in California or Massachusetts you are violating state law and are liable for prosecution.

If this information is on your workstation it can easily make its way onto a thumb drive or laptop which can be stolen. Your new system probably has controls where this data cannot be downloaded or even sent to a printer. This is for the privacy and safety of all your customers.

You should comply ASAP and encourage all your co-workers to do the same!

Don't make blanket statements without having the full picture.

As stated, its a giant red flag in any audit. These laws are meant to protect you and me. Normally you're given up to two years to attain compliance, however.

Anytime an employee is asked to destroy records, the request should be in writing, and the records in question should be detailed...for the employee's protection.

Hard to tell with limited info...

The documents should be scanned before they are destroyed. That in and of itself may violate laws. They should request an official memo from the Security & Compliance office.

I'm just a little antsy when it comes to shredding documents based on a bad personal situation.

We didn't have computers until 6 months ago,
and we never enter that info onto them.

Are all businesses subject to these rules
and how long have they been in effect?

I don't have any customers in Cali or Mass,
but that is probably what they meant by
"the west coast" having "purged" months ago....

On edit: We have never entered
financial info ONTO the computers...

California passed its law 2-3 years ago and Mass about 1-2. Several other legislatures have bills pending. PCI compliance came out about 4-5 years ago but I think it only applies to electronic systems. Computerizing these records allows the company to enforce security policies and audit them. It's a good thing. Please help keep our private financial information secure!

When the contracts were scanned in at
corporate, the areas where we wrote the
credit and check info was "black-barred"
out.

We made copies of the actual contracts
before they left the office, for our
own files, and these are what we are
being told to destroy or remove.

What are the rules for companies that
do NOT digitize their contracts?

It happened when you scanned them. If you didn't black out the CC numbers then it is the software that is hiding it from you when you view it on the screen or print it out. That is a best practice. If they are all scanned and in the system then there is NO need to hold on to paper copies. It's a risk.

were all scanned-in in "corporate" until we
got laptops and started creating digital
contracts (just within the past couple of
months).

The original paper contracts contained
all of the purchase information and
financial info on the same form.

We (sales) hold on to the paper copies because
we sometimes have disputes with corporate
over who is responsible for screw-ups.
I have had to consult the originals many
times in the past when corporate tried to
claim that I had made a mistake. The "originals"
are sometimes unavailable on the computer
when we need them....

your best bet is to go through all of your files and just selectively pull out the financial information they want you to delete. That way, you get to keep the contracts but you are also in compliance with the edict from corporate. It sounds to me like your paper copy is important to you. Not fun I know but sometimes you have to do this stuff.

its just the cruddy management in my office...

they should have given us a little time.