How to handle an inappropriate disclosure of personal information

Over at eLegal Canton, David Canton is discussing the lessons to be learned from an incident reported on Techdirt about an individual who was sent 34 other credit cards along with his own:

First - as we have seen many times before, a prompt and proper response to any alleged privacy breach is crucial. Every person in every business that has customer contact must be trained to spot privacy issues, and immediately bring them to the attention of the business's privacy officer.

Second - what should be the proper response when something like credit cards or documents with personal information is sent to the wrong person? Is telling them to cut them up or shred them sufficient? Or should they request they be returned? At least if they are returned, the business will know exactly what was sent.

Technorati tags: Privacy :: Personal Information :: incident :: Credit Card