Recently in Disposal Category

It's getting really scary out there: another organization has lost documentation containing Personally Identifiable Information.

The Federal Energy Regulatory Commission (FERC) reported the loss of a binder containing the Personally Identifiable Information (PII) of over 2,800 former employees.  The binder was last used in late February and was reported missing in early March - presumed to be lost during an office move while Human Resources employees cleaned out and disposed of old files from a locked office.

An investigation revealed that the binder was most likely thrown out, therefore a low probability exists that the information within was compromised.  Officials are taking steps to protect the identities and credit information of the people listed within the binder.

So why does this matter to us property people?  Though a binder with paperwork is not normally something we would track in our property control systems, (see FAR 45.101), certainly the fact that the binder contained PII makes it worth keeping special tabs on.  It was in a locked office - great - but it seems like it was a little too easy to just throw away.

In reading this article, I kept thinking about Brandon Kriner's presentation at the recent NOVA chapter seminar.  Though his presentation focused on the importance of having property people work with IT people to track Sensitive Data Storage Devices (e.g. thumb drives), this is essentially the same thing.  In this case, however, it was a binder not an IT device; and it would be the property people working with the HR people to track.  Several questions come to mind here: 

• Who was ultimately responsible for this binder?
• Who had access to this locked office?
• Who made decisions about what got thrown away and what didn't?
• Was there a policy in place whereby people normally had to check out this binder and check it back in?

If I could guess, I would say no one had good answers to these questions.  Had there been a property person who knew what kind of information was kept in that office and what should have happened with that binder, this could have possibly been averted.  I talk to groups of property people often about keeping themselves out of the newspapers by taking pains to track the stuff they care about - surely this binder, with all its PII, fell under that category.

An article in the "Metro" Section of today's Washington Post iterated the importance, should there be any debate, of the existence of a well-maintained and administered property management system to account for property from the "cradle to the grave", or procurement to disposal. Two servers belonging to the D.C. Office of Tax and Revenue, possibly containing personally identifiable information (PII) of D.C. taxpayers, were found in a trash compactor in northwest D.C. It was only a few months ago that this same District office was the focus of the largest corruption scandal in the city, which resulted in the arrests of 10 people for involvement in an alleged embezzlement of over $20 million in property tax refunds.

The million-dollar question now is whether or not those servers were "purposely" disposed of in an incorrect manner (local government offices commonly do not trash large pieces of IT equipment in neighborhood dumpsters) in an effort to hide any information that might be incriminating to those involved in the corruption scandal. Even if that is found not to be the case, this event identifies some serious issues around the accountability for property in government offices. Authorities will need to find out who had access to these servers, what sort of equipment was connected to them, and ultimately, who retained accountability for them. And although a representative from the District's CFO's office maintains that office policy is to wipe confidential data from any drives before giving the machines to another D.C. agency or public school or disposing of them, he can't say whether or not that occurred with these servers, or why their tax office labels were not removed before disposal. The Office of Tax and Revenue may well be able to provide an explanation for the appearance of these items in a trash repository, but it will also need to explain why they seem to have disappeared from the office in a manner that is clearly not in line with standard operating procedures, assuming those procedures actually do exist, and are tightly monitored by property management personnel. 

There are certain functions where property managers and acquisition personnel (i.e., requisitioners or buyers) should interface. One of the more obvious ones relates to receipt of purchased property and subsequent payment. Organizations continue to make extensive investments to integrate their purchase order, property receipt and invoice payment processes. However, the function of internal screening is one that organizations have struggled with. Internal screening is essentially the consideration of property items deemed unneeded by one business unit to be potentially reused by other units within the organization. FAR 45.602 outlines the various inventory disposal schedules property items should be placed through. The disposal schedules, also known as screening periods, outlined in FAR 45.602 include guidelines for internal reutilization and GSA screening. So why has the function of internal screening received such little organizational attention? Who is responsible for instituting internal screening processes? How can organizations invest in and is there any return on investment by strengthening internal screening process? These are literal questions and I would like hear from organizations that have made strides in strengthening their internal screening processes.

What I have observed in many organizations is that property managers do not believe there are internal procurement policies, processes and/or tools to enable the internal screening period. Thus, the internal screening cycle is typically skipped and the property is either directly screened for GSA or donation disposal. Conversely, procurement officials do not believe they have been provided the mechanisms to evaluate property to be reutilized. How can property be considered to be reutilized if is nothing known about it, such as its condition? Procurement officials cannot put their programs at risk by possibly providing inadequate property. So the question remains, if there is no internal mechanism to advertise the property's information and if no one is reviewing internal property for reuse, has it been truly internally screened?

My guess if that instituting policy needs to be the first approach organizations should use to position themselves to comply with FAR 45.602. To be successful, the policy needs to be jointly established within both the property management and procurement offices. It is moot to organizationally approach implementing internal screening processes in a stovepipe manner - no gains can be made unless procurement and property management embrace internal screening as a joint initiative. After instituting policy, organization needs to assess for themselves the value that can be achieved through the reutilization of property. Understanding the value should drive the extent each organization invests in their internal screening processes. Avoiding unnecessary acquisitions and reducing disposal costs are just two cursory examples of its benefits. Some potential initial investments or combination of investments may come in the form of process re-engineering, resources activities and/or technology. I am curious to hear what drivers have lead organizations to refine their internal screening processes. I am also interested in hearing what obstacles or deterrents have kept organizations from making strides.

It seems in this day-and-age there are many incentives to avoid disposing of property unnecessarily. Green initiatives, cleansing sensitive/confidential property, and rising logistical costs (e.g., fuel) are just a handful of reasons that come to mind that should drive an organization to refine their internal screening processes to reflect the guidelines outlined in FAR 45.602.