Did you know that photocopiers, scanners, printers and fax machines, whether used on their own or incorporated into a multi-purpose machine, retain a digital copy of all the data they process on an internal hard-drive? This wealth of data can be easily hacked through oversight.
Here are some examples of what can happen when data hard-drives are not properly erased and disposed of, especially when electronic equipment is sold or returned to the leasing company.
What happens when data is not secured
In 2010, CBC purchased a used multi-functional copier from a UPS franchise on Kijiji. It was later learned that the copier’s two hard-drives had not been wiped clean before being sold and shipped. One of the hard-drives contained more than 100 files, including copies of income tax returns, health information, a driver’s license, a citizenship card and business documents. [1]
In 2012, a warehouse in New Jersey filled with 6000 used copy machines made headlines when it was discovered that in almost every case the hard drive had not been erased or removed. Almost all of the drives held highly sensitive data, from police crime reports to social insurance numbers, birth certificates, bank records and income tax forms. [2]
In 2013, the U.S. Department of Health and Human Services settled with Affinity Health Plan, a New York-based managed care plan, for violations amounting to $1.2 million. The case related to an incident that affected 344,557 individuals. Their data was discovered on the hard-drives of copy machines that had been returned to a leasing company. [3]
These are just a few examples of what can go wrong when sensitive information is not responsibly removed from data storage devices.
What you can do to secure your data
Make sure you take appropriate measures to protect the data stored in your office equipment, and properly dispose of the data storage devices when replacing your equipment. We recommend these best practices:
- Don’t leave copiers, scanners, printers or fax machines unattended in hallways or unsecured areas accessible to the public. Keep them in a secured location.
- When upgrading your company’s electronic equipment, remove the hard-drives of the machines you are replacing and have them destroyed.
- If the devices are leased or you plan to sell them, include a clause in your contract to retain ownership of the hard-drives at the end of the term.
- If sold, replace the hard-drives with brand new ones before the transaction is completed.
- Erasing data from a hard-drive is not enough. Before handing over any electronic equipment, make sure the drives are physically destroyed, then disposed of according to best recycling practices.
Now that you know what needs to be done at your end to secure your data, make sure you choose a data destruction partner who values your data safety as much as you do. Learn more about the security measures ADL Process takes once you entrust us with your data storage devices.
[1] http://www.cbc.ca/news/copy-machines-spill-identity-secrets-1.867046
[2] https://www.youtube.com/watch?v=8moKFFuM5T8
[3] http://www.databreachtoday.com/12-million-penalty-in-copier-breach-a-5991