If you’re one of those who thinks all the talk about privacy and records management disaster preparedness is merely a plot by consultants to rain on your parade, then consider this story from the New York Post of November 7, 2009:

Confetti-crazed Yankee fans in buildings along the parade route decided to use confidential financial documents in place of ticker tape – literally tossing common sense out the window.

While the Downtown Alliance distributed more than half a ton of recycled confetti to buildings, some office workers, in their enthusiasm, dumped entire files over the Canyon of Heroes.

"We're finding pay stubs. We're finding personal financial information. We found a balance sheet of someone's trust fund showing $300,000 in stock," said Damian Salo, 29, an internal auditor attending the parade with friends.

Just another reason to hate the Yankees, I know.

But it also points up the critical fact that nothing is as secure as you think it is. There’s little doubt that the manager of the office from which the aforementioned balance sheet was flung was sure the documents in his or her control were protected. Like as not, they were signed out to a trusted employee, placed on a desk in a locked office suite, and probably marked “confidential” as well. Too bad the desk was near an open window facing the parade route.

Some of the documents came from the Liberty Street financial firm A.L. Sarroff, including their client accounts, with Social Security numbers and detailed banking data.

"They're records that should have been shredded," said firm founder Alan Sarroff. "An overzealous employee threw them out the window. He was reprimanded."

Names are mentioned here not to embarrass anybody, but to point out how this sort of thing can happen to anyone. Documents that “should have been shredded” weren’t – but no one in your office would ever overlook such a critical task, would they? If that were the case, no one ever would forget their keys or lose their wallets, either.

Wanted: Common Sense
The conventional wisdom about how best to protect documents from unauthorized release or loss is centered on developing logical policies and procedures that govern who gets to see or handle what, and when, and why – and in this, it’s not wrong at all. But what too often gets overlooked is the need to further apply a healthy layer of common sense at all times.

It’s not enough to say “we have policies, so we’re covered” and then let events unfold as they may. You also have to look around and take note of things that at first glance are unworthy of note. What could be more innocuous than a pile of papers on someone’s desk near the window? There’s nothing at all wrong with that until “some office workers, in their enthusiasm, dumped entire files [into the street].”

How about a load of paper records destined for storage in a locked off-site facility? Safe and sound, you’d imagine … until it comes to light that the driver was running late, neglected to secure the back of the truck, and the boxes nearest the opening fell onto the highway when the gate flew up. It’s called “human error,” and it happens every day.

Simply paying attention to the practical details is the key to avoiding many such errors – ask any airline pilot, who works through the same tedious checklist to review the same litany of details that must be dealt with every time he or she climbs into the cockpit. The good news is that mistakes in the document world don’t result in crashes. The bad news is that they can and do result in fines, lawsuits, and dismissals, and my guess is that the Sarroff employee mentioned in the Post was glad to escape with merely a reprimand. What was said to the firm by its clients may never be known.

The bottom line is that the best policies and procedures in the world aren’t enough to assure the protection of sensitive documents. Common sense must be applied as well, especially during periods of uncommon stress – like, say, during parades.

Steve Weissman is an independent consultant and industry analyst with expertise in compliance, content, and delivery management. For the record, he’s also a HUGE Red Sox fan.