Texas AG Charges Rehab Facility With Unlawfully Dumping Client Records

Allegedly dumped bulk client records containing personal and medical information, in publicly-accessible garbage containers.

by / September 29, 2008

Texas Attorney General Greg Abbott today charged Treatment Associates of Victoria Inc., with violating the Texas Identity Theft Enforcement and Protection Act. According to court documents, the San Antonio-based drug testing and rehabilitation facility violated a state law that requires businesses to protect their customers' sensitive information.

The Office of the Attorney General (OAG) launched an investigation after reports indicated that Treatment Associates had unlawfully dumped bulk client records in publicly-accessible garbage containers. According to OAG investigators, the defendant exposed 44 clients' sensitive personal and medical information, including Social Security numbers, private medical history and substance abuse records. The files also contained private information that clients shared during counseling sessions, as well as the personal information of clients' family members and other third parties.


"Identity theft continues to be one of the most devastating white-collar crimes in the country," Abbott said. "This defendant faces severe penalties for failing to protect its clients' sensitive personal and medical information. The Office of the Attorney General will continue working to protect Texans from identity thieves."

Treatment Associates is charged with violating provisions of the 2005 Identity Theft Enforcement and Protection Act, which governs how businesses dispose of their clients' sensitive personal information. Under the Act, the OAG may seek civil penalties of up to $50,000 per violation. The defendant also faces civil penalties of up to $500 for each abandoned record under Chapter 35 of the Business and Commerce Code, which requires businesses to develop retention and disposal procedures for their clients' personal information.

Attorney General Abbott also charged Treatment Associates with violating the Texas Deceptive Trade Practices Act (DTPA) and the Texas Health and Safety Code for failing to protect clients' medical privacy. The OAG may seek penalties of up to $20,000 per violation of the DTPA and up to $25,000 per violation under the Health and Safety Code.

Attorney General investigators are working to determine if any exposed data has been used illegally. Clients who interacted with Treatment Associates should carefully monitor bank, credit card and any similar statements for evidence of theft. Customers should also consider obtaining free copies of their credit reports at www.annualcreditreport.com.

Today's legal action is the latest in a series of efforts by Attorney General Abbott to combat identity theft in Texas, a state the FTC ranks as No. 4 per capita in the incidence of the crime. In 2007 and 2008, the OAG filed several enforcement actions against vendors that carelessly and unlawfully disposed of confidential records containing customers' personal information. The OAG has obtained more than $2.6 million in civil penalties for future identity theft prosecutions and reached agreements with several businesses to improve their document disposal systems and protect their customers from identity theft.

Abbott also launched a consumer-friendly Web site to help Texans prevent or minimize the damage from identity theft. The site includes helpful resources, including the Identity Theft Victim's Kit, which offers a step-by-step priority checklist that victims can use as soon as possible to prevent further damage.

Anyone who encounters a business exposing records with personal information, such as Social Security numbers, may call the OAG's toll-free complaint hotline at (800) 252-8011 or file a complaint online.