Loading articles...

White Rock shredding company investigated after leaving confidential medical, financial records exposed

Last Updated Mar 7, 2019 at 5:35 pm PDT

Scans of passports and SIN cards have been discovered -- in tact -- in publicly accessible, unlocked bins in a Surrey parking lot belonging to Shredwise.

Shredwise has been storing in-tact documents inside bins in a trucking parking lot

A whistleblower tells NEWS 1130 they are concerned about how their employer is handling private information

The National Association for Information Destruction is investigating the privacy breach

SURREY (NEWS 1130) — Scanned copies of passports and SIN cards, biopsy results, blood tests, uncashed cheques, credit card statements and insurance records — some of people’s most important, private information destined for the shredder were not destroyed.

NEWS 1130 has discovered these confidential documents have been sitting intact in unlocked bins owned by White Rock company ShredWise inside a shared, open truck parking lot about 100 feet from Old Yale Road in Surrey. Of 44 bins on the site this week, 17 contained private documents that had not been shredded.

18 of 44 bins owned by Shredwise were discovered to contain in-tact, confidential documents when NEWS 1130 visited the storage site this week. (Lauren Boothby, NEWS 1130)

The location is easily accessible to the public, is not patrolled by security guards and the parking lot gate is frequently left open and unlocked.

J Doe*, a whistleblower who does not want to be named for fear of retribution, tells NEWS 1130 they are seriously concerned about how their employer is handling private information.

It’s information that could destroy lives, Doe says.

“It doesn’t matter how old the documents are, it has people’s personal information. It’s wrong, it’s wrong on so many levels,” Doe says. “These companies like ours come in, and you think your stuff is safe, but it’s not. It’s sitting right here in the public.”

ShredWise trucks parked in a Surrey parking lot, beside bins. (Source: Submitted)

VISA documents, a detailed description of surgical procedures, prescription bottle labels, STI blood test results, and biopsy results indicating a woman has breast cancer are some documents Doe has discovered left inside unlocked bins.

“We even have someone’s HIV results. That’s pretty sad,” Doe says. “I wouldn’t want anyone knowing that information, nope. But somebody dropped the ball, and that ball ends with us. We’re the company that was hired to destroy those documents and we’re not doing that.”

Faulty equipment to blame

ShredWise is a mobile shredding business. The company uses trucks with onboard shredding equipment that make regular pick-ups. Customers include government offices, banks, doctor’s offices, pharmacies, and legal offices.

WATCH: Video produced by ShredWise about their shredding equipment

But sometimes the shredding equipment breaks down mid-route.

“They still want to be able to complete the route and get the customer’s consoles emptied, and so they empty it like they normally would into their bags — you don’t know anything different,” Doe says. “They take that bag, instead of dumping into the shredding component, which is now broken down and you’re not aware of it. They just put the whole bag into the back of the truck.

“They bring it back here and we dump it in these bins, and then we’ll shred it on Saturdays. So the paperwork sits here for a full week.”

Doe says trucks can store sometimes 20 to 40 bags of documents which are left in the back of the truck.

A broken ShredWise bin sits in a parking lot in Surrey. (Lauren Boothby, NEWS 1130)

Company under investigation by NAID

ShredWise is now under investigation by the National Association for Information Destruction (NAID), an industry group based in the United States with no legal power, after being approached about the business’ practices by a whistleblower.

ShredWise is not certified by NAID, however, it is a member of NAID and the company’s CEO, Tino Fluckiger, is on NAID’s board of directors.

He has been put on administrative leave from the board until the investigation is complete.

Robert Johnson, CEO of NAID, says if the allegations put forward are true, he would be “horrified.”

“I received a phone call and some subsequent photographs from a whistleblower. Of course, I found them extremely troubling,” he says.

There have been past cases where NAID members were not properly handling information.

“In any case where it happens, I am horrified and disgusted that someone would prey upon the ignorance of their clients and not deliver the security that they promised,” he says.

Privacy breach believed to be ’employee issue’: CEO

Fluckiger has responded to allegations raised by the whistleblower, and blames the privacy breach on “an employee issue.”

He has refused a request for an interview, but in an email statement said his company is conducting an internal investigation and believes it is an isolated issue.

“This is not part of our normal protocol when handling our customers’ documents as an on-site document shredding company. We take this situation very seriously, and are working with any customers that may have been impacted by this one-off incident, to remedy the situation and contain any damage. We want to assure our customers that we are 100% committed to taking all necessary steps to ensure this situation does not arise in the future,” reads the statement.

However, according to the whistleblower, it’s the company’s process that is to blame.

“Employees can be terminated for failing to shred documents or for getting documents behind, yet its okay for them to bring bags here because owners want to take shortcuts, and just keep the truck running, and get the customer serviced and don’t worry about anything else —we’ll deal with it later,” Doe says.

“Well, a minute later is too late, because it doesn’t take long for me to run off with your bank account number.”

Regulation needed: whistleblower

Doe has come forward because they say they are deeply concerned about privacy.

“The government needs to get involved. There needs to be tighter regulations. There needs to be inspections. There needs to be spot checks,” Doe says. “Look at properties companies are renting — are they secure? We don’t even have security here. Not a single security guard. A camera? That’s not going to identify much. We’ll see that somebody took it, but other than that, it’s information out the door.”

Doe says they don’t want to be part of a broken process, and suggests people take steps to ensure their own security by shredding sensitive information themselves.

“I don’t want to see people that could be affected financially. Whether it’s banking information or medical records, income taxes, notary forms, all this stuff is getting shredded for a reason. There’s a security aspect behind it, and in today’s day and age, you know you’ve got to be on top of your personal protection for documentation and identity theft,” Doe says. “If you’re not doing it and you’re hiring it out to have someone else do it for you, this proves that that doesn’t work. The only way you can secure your own identity theft is by doing it yourself at home.”

*The name of the whistleblower has been changed to protect them from retribution by their employer.