Copiers and multifunction printers and devices have had hard drives since around 2003. Frankly, it’s what allows them to do significant tasks like collating large documents and speeding up the process of printing copies of multi-page forms and papers. But in 2010, CBS News debuted a video that shocked the document management community: Many of the machines on the market stored files on their internal hard drives and these hard drives were removable and accessible by people long after the copiers or MFPs left the office or their leases were up. Hard drive security was virtually nonexistent. In the video, just one warehouse in New Jersey held some 6,000 copiers that might hold some 20,000 documents each. That meant that income tax forms, birth certificates, social security cards and/or other sensitive records. In the video, undercover CBS reporters purchased several copiers and found files ranging from criminal arrest reports to medical records and copies of paychecks with names and addresses. In 2013, one of those health companies, Affinity Health Plan, was charged $1.2 million in a settlement case involving a copier that was part of the CBS report. Storing and erasing sensitive data is now a very real and very important part of any company’s use of a copier or digital MFP.
The lesson here: You’ll want to concern yourself with security and ensure that your unit includes the necessary features to erase the internal hard drive or otherwise encrypt any stored data that may be contained within. This is especially important for federal agencies or anyone who interacts with documents whose disclosure would violate federal mandates or regulations. Here is how you can erase sensitive data from your machine and ensure you’re protected from identity theft or any other data-compromising issues.
Pay Attention to Systems that Use Volatile RAM Storage
Systems that use RAM to store information for basic print and copy jobs don’t need to write that data to a hard drive. When this information is stored in RAM, you benefit from the volatile nature of that storage medium. Turn off the printer and that information is usually erased. This is very much unlike a hard drive, which stores that information until it is erased or overwritten.
Proprietary Systems Help, But They Aren’t Foolproof
Most copiers use non-standard file systems, so that when the hard drives are removed they can’t just be connected to a PC and read like traditional data. That means you get some minimal protection in terms of a normal person’s ability to read a hard drive from a modern copier or printer. This doesn’t, however, protect you from more sophisticated software that is designed to penetrate those simple defenses and retrieve data from various manufacturers’ products.
Using the Encryption Software Options for Erasing Data for Good
Most MFPs include an option, at the very least, for securely erasing data and overwriting the hard disk to prevent theft of information stored during copying and printing tasks. Some of this software involves an instantaneous erase upon completion of a job, while other software (or aspects of the same software package) will rewrite the hard drive multiple times to securely erase data stored on the drive when the unit is sold, serviced, upgraded or replaced. There is also software that ensures your scanned images are encoded as they are written to the drive in order to further protect your sensitive files and data.
Best Practices for Staying Protected
Having security software is a good first step, but that doesn’t equate to actually being secure. First of all, don’t just use your security software when you turn in your copier or printer. Use it daily, or at least weekly to get rid of any accumulated files for good. Make it part of your company’s regular practices and assign someone to this task as part of his or her job description.
You also want to make sure you are completely protected at the end of a lease, when you turn in your copier for extended service, or when you sell it. In these cases, running the security overwrite twice may not be a bad idea. And, if you really want to be certain any sensitive information is destroyed, remove the hard drive and have it destroyed—just be sure to get a certificate of destruction from the vendor. This is a legal document that confirms (via another party) that all materials have actually been destroyed by a document destruction service provider.