Sensitive Data on Parade: A Look at the Macy's Thanksgiving Parade

We've all read about the presence of sensitive data which originated from within the Nassau County Police Department and found its way into the confetti at the Macy's Thanksgiving Day parade. We have subsequently learned it was not the parade organizer, Macy's, who included the Nassau County PD's confetti of sensitive documents in the parade confetti, but an employee of the PD. Why? The Nassau County PD employee took the confetti shred from the police department to have their own confetti so as to join in the parade's festivities -- why not, it's a party!

While the policies of the Nassau County PD's data destruction and disposal methodologies are undergoing review at this time, and there will no doubt be an admonishment not to share police department shred. One must ask, if this is the type of shred created by the current shredders being used in Nassau County PD, then they need to go back to the day the shredder was purchased and review their entire pipeline from shredder to disposal, as this type of "exposure" of data occurred in ever shred batch using this low-security "confetti" shredder.

Many may not be aware that shredders have various security levels with the lowest level shredders rated as providing a high probability of ability of reconstructing data with the higher levels (Level 5 and Level 6) creating minute bits of paper shred, that would be appropriate for handling the most sensitive personal or business documents. Keep in mind reconstruction isn't a matter of snapping one's fingers.


The most famous case of document reconstruction occurred during the 1979 Iran Hostage Crisis -- the U.S. Embassy Tehran used strip shredders -- the Iranians were able to bring literally an army of students to bear on the task and successfully reconstructed and published as "Documents from the U.S. Espionage Den."

So what to do?

The shred which appears in the photos on the news, are very similar to the shred I took a picture of and shared above. This shred was taken following opening a "shred bin" that I had arranged access. As you can see the document has readable content. In my opinion, this type of shredder is fine for home and small/medium office use, providing that shred is appropriately discarded; in my house, we use a shredder which produces slightly smaller shred (Level 4) and I use the shred as "fire starter" for the fireplace or include it in the compost from the horse's manure -- in the former the shred is gone in seconds, in the latter, in a few days (horse manure composts hot). This level of shredder will run you from $150-500, depending on capacity and manufacturer. The level shredder you wish to obtain for truly sensitive data, such as those maintained by law enforcement or governmental entities is a Level-6 shredder, which run approximately $4,000-5,000. You may also wish to consider a disintegrator, which are very pricey, but turn paper into dust and does not allow for reconstruction.

The important take-away -- use the shredder that is most appropriate for your needs, understanding that reconstruction is possible (you work out the probability) for the low end.

Here is the WPIX exclusive coverage on the incident:

For additional reading:

BBC: "Who, What, Why: How do you reassemble shredded documents?"
WPIX: "PIX11 EXCLUSIVE: Nassau County POLICE EMPLOYEE Brought Classified Confetti to Thanksgiving Parade"
WPIX: "PIX EXCLUSIVE: Confidential Police Docs Found in Macy's Parade Confetti Spark Investigation"

*Image is author's own.