While you’re busy making sure your business data is safe by encrypting your wireless network, sending e-mails over a secure connection, using a business-class firewall and storing your backups in a highly secure remote location, what are the chances that you’re still putting your information at risk?
It turns out that nearly every digital copier made since 2002 stores a copy of every image it copies on an internal flash or hard drive. These hard drives don’t have an endless amount of memory, so over time, they’ll overwrite old files with new ones. But still, the fact remains that if you’ve recently copied confidential company documents, images of those documents are living inside your copier. And that means they’re available to anybody who buys your used copier through a warehouse or reseller that hasn’t bothered to wipe your drive.
So what to do about this problem? Just be aware that, before you retire or resell your copier, it’s your responsibility to get confidential information off its hard drive or risk the consequences — which could be anything from having your data sold to identity thieves to finding your company in breach of major privacy regulations, such as HIPAA, FTC or your state’s personal information privacy law.
We’re in New York, and violating New York state law would require reporting the information exposure to the state Attorney General, notifying all the persons identified in the information, and would likely result in some pretty serious fines. Chances are there are similar consequences in your state.
According to CBS News, which did a big story on digital copiers in April 2010, “All the major manufacturers told us they offer security or encryption packages on their products.”
In other words, while data protection is your responsibility, manufacturers are trying to do their part to help (even if they aren’t always screaming it from the rooftops). The amount you’ll have to pay for security and encryption add-ons varies by manufacturer, of course, and there are also third-party security providers who sell software that will wipe your copier’s drive for you.
The bottom line: It will cost you some money to make sure you’re not giving away data along with your old copier. But when you consider the alternative — allowing digital scans of paycheck stubs, employee Social Security numbers, bank routing numbers, and the kind of information that digital thieves could resell for top dollar — it’s worth it.
And while we are discussing hard drives lets not forget your old desktops and servers. There are many people and CMIT locations very focused on recycling of old PC equipment. (I have been doing this since his days in corporate in fact.) And while these programs reduce waste and pollution, and in some cases employ the handicap, the risk of data theft still exists. The solution is similar to the copier problem, and maybe even easier to solve.
Before you turn over a PC or server to a lease company, IT person or recycling program you must remove the data on the drive using proper department of defense (DOD) rated software, or physically destroy the drive. Some shredding firms now offer hard drive shredding on a per drive basis. When they arrive to pick up your paper they simply take the hard drives and run them through shredders that can handle metal. DOD software is available for purchase, or you can ask your IT person to handle this before the hard drives leave your location.
Solutions for each of these should be planned in conjunction with your technical advisor. If you would like a free consult with a CMIT expert please visit www.cmitsolutions.com to find a location near you.