No HR professional is exempt from the planning.
Take the work out of creating and maintaining an employee handbook.
SHRM Seminars will host HR education every month in San Francisco this fall! Select the program that meets both your scheduling and development needs.
Join us, September 27 - 28.
Scores of material is written about protecting companies’ IT networks and safeguarding endpoints, but what about digital copiers?
According to the Federal Trade Commission (FTC), the nation’s consumer-protection agency, your information security plans also should cover the digital copiers your company uses. If the data on your copiers get into the wrong hands, it could lead to fraud and identity theft.
“The hard drives in digital copiers are capable of storing personal and proprietary information contained in the documents they copy, fax and e-mail,” said Al Saikali, a certified information-privacy professional and partner in the Miami office of Shook, Hardy & Bacon LLP. “Organizations should take steps when purchasing, maintaining and disposing of their copiers to ensure that the data stored on the copiers is secure,” he told SHRM Online.
Depending on the information your business stores, transmits or receives, you also may have more specific compliance obligations. For example, if you receive consumer information, like credit reports or employee background screens, you may have to follow the FTC’s disposal rule, which requires a company to properly dispose of any such information stored on its digital copier, just as it would properly dispose of paper information or data stored on computers. Similarly, financial institutions may be required to follow the Gramm-Leach-Bliley Safeguards Rule, which requires a security plan to protect the confidentiality and integrity of personal consumer information, including information stored on digital copiers.
In a typical large organization, copy machines are often leased, returned and then leased again or sold, Saikali said. As a result, there is a good chance that an unauthorized third party could access the information stored on the machines’ hard drives.
Whether a particular copier saves every digitized document depends on the brand and how it is configured. The important takeaway is that managers communicate with their copier provider and understand how to protect their data.
Secure Your Copier from Beginning to End
The FTC recommends that businesses build in data security for each stage of the copier’s life cycle: when planning the acquisition of a device, buying/leasing the device, using the device, and returning or disposing of the device.
These guidelines include:
Make sure the business allows you to wipe the hard drive before returning the machine or, better yet, allows you to keep the hard drive at the end of the lease. Another layer of security that can be added involves locking the hard drive using a passcode. This means data are protected even if the machine’s hard drive is removed.
Don’t Do It Yourself
The FTC cautions companies against removing a digital copier’s hard drive. Hard drives in digital copiers often include required firmware that enables the device to operate, the agency said. Removing and destroying the hard drive without being able to replace the firmware can render the machine inoperable, which may present problems if you lease the device. Also, hard drives aren’t always easy to find, and some copiers may have more than one. The FTC advises businesses to work with skilled technicians, rather than removing the hard drive themselves.
Roy Maurer is an online editor/manager at SHRM.
Follow him on Twitter @SHRMRoy.
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
Join SHRM's exclusive peer-to-peer social network
SHRM’s HR Vendor Directory contains over 3,200 companies