Get access to the exclusive HR Resources you need to succeed in 2018.
Sign up for free email newsletters and get more SHRM content delivered to your inbox.
Is your employee handbook keeping up with the changing world of work? With SHRM's Employee Handbook Builder get peace of mind that your handbook is up-to-date.
Build competencies, establish credibility and advance your career—while earning PDCs—at SHRM Seminars in 14 cities across the U.S. this fall.
Gain the skills you need to rise to the next level in your career. Jon us at SHRM's Leadership Development Forum, October 2-3 in Boston.
Members may download one copy of our sample forms and templates for your personal use within your organization. Please note that all such forms and policies should be reviewed by your legal counsel for compliance with applicable law, and should be modified to suit your organization’s culture, industry, and practices. Neither members nor non-members may reproduce such samples in any other way (e.g., to republish in a book or use for a commercial purpose) without SHRM’s permission. To request permission for specific items, click on the “reuse permissions” button on the page where you find the item.
Scores of material is written about protecting companies’ IT networks and safeguarding endpoints, but what about digital copiers?
According to the Federal Trade Commission (FTC), the nation’s consumer-protection agency, your information security plans also should cover the digital copiers your company uses. If the data on your copiers get into the wrong hands, it could lead to fraud and identity theft.
“The hard drives in digital copiers are capable of storing personal and proprietary information contained in the documents they copy, fax and e-mail,” said Al Saikali, a certified information-privacy professional and partner in the Miami office of Shook, Hardy & Bacon LLP. “Organizations should take steps when purchasing, maintaining and disposing of their copiers to ensure that the data stored on the copiers is secure,” he told SHRM Online.
Depending on the information your business stores, transmits or receives, you also may have more specific compliance obligations. For example, if you receive consumer information, like credit reports or employee background screens, you may have to follow the FTC’s disposal rule, which requires a company to properly dispose of any such information stored on its digital copier, just as it would properly dispose of paper information or data stored on computers. Similarly, financial institutions may be required to follow the Gramm-Leach-Bliley Safeguards Rule, which requires a security plan to protect the confidentiality and integrity of personal consumer information, including information stored on digital copiers.
In a typical large organization, copy machines are often leased, returned and then leased again or sold, Saikali said. As a result, there is a good chance that an unauthorized third party could access the information stored on the machines’ hard drives.
Whether a particular copier saves every digitized document depends on the brand and how it is configured. The important takeaway is that managers communicate with their copier provider and understand how to protect their data.
Secure Your Copier from Beginning to End
The FTC recommends that businesses build in data security for each stage of the copier’s life cycle: when planning the acquisition of a device, buying/leasing the device, using the device, and returning or disposing of the device.
These guidelines include:
Make sure the business allows you to wipe the hard drive before returning the machine or, better yet, allows you to keep the hard drive at the end of the lease. Another layer of security that can be added involves locking the hard drive using a passcode. This means data are protected even if the machine’s hard drive is removed.
Don’t Do It Yourself
The FTC cautions companies against removing a digital copier’s hard drive. Hard drives in digital copiers often include required firmware that enables the device to operate, the agency said. Removing and destroying the hard drive without being able to replace the firmware can render the machine inoperable, which may present problems if you lease the device. Also, hard drives aren’t always easy to find, and some copiers may have more than one. The FTC advises businesses to work with skilled technicians, rather than removing the hard drive themselves.
Roy Maurer is an online editor/manager at SHRM.
Follow him on Twitter @SHRMRoy.
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Please sign in as a SHRM member before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
Become a SHRM Member
SHRM’s HR Vendor Directory contains over 10,000 companies