FTC Guidelines for Securing Digital Copiers

Monday, January 03, 2011

David Navetta


Article by Richard L. Santalesa

The Federal Trade Commission (FTC) recently released a new publication in the wake of numerous news accounts highlighting the potential data security issues posed by modern digital copiers. (See, e.g., Digital Copy Machines Pose Security Concerns, Alburquerque News, July 28, 2010,  available here; Digital Photocopiers Loaded with Secrets, CBS Evening News, April 15, 2010, available here).

In the wake of such reports, various states have considered or passed legislation designed to alert digital copier users of the security risk, as well as, requiring manufacturers and resellers to provide documentation on how to delete stored data on the device’s internal hard drive before a device is decommissioned. (See our earlier coverage of New York's Electronic Equipment Recycling and Reuse Act here).

Now the FTC has stepped into the mix with the release of its publication, Copier Data Security: A Guide for Businesses, available here.

At eight pages the Guide is neither exhaustive, nor highly technical, but it does provide a basic introductory background on basic digital copier operation, lifecycles, encryption, overwriting, simple security tactics and a pointer to the FTC’s more comprehensive publication Protecting Personal Information: A Guide for Business at ftc.gov/infosecurity.

As the FTC’s noted in its announcement accompanying release, highlighted recommendations by the Guide include: Before acquiring a copier, plan to have the information technology staff manage and maintain it just as they would a computer or a server.When buying or leasing a copier, evaluate your options for securing the data on its hard drive – including the encryption or overwriting features that will be used.

Overwriting – also known as file wiping or shredding – replaces the existing data with random characters, so that the file cannot be easily reconstructed.

Take advantage of all of the copier’s security features. Securely overwrite the entire hard drive at least once a month.When returning or disposing of a copier, find out whether it is possible to have the hard drive removed and destroyed, or to overwrite the data on the hard drive.

Generally, it is advisable for a skilled technician to remove the hard drive to avoid the risk of rendering the machine inoperable Seemingly innocuous and common digital copiers once again flag just how many locations potentially sensitive data can be found in a typical business that result in a data breach or inadvertent release or disclosure of protected or confidential information.

To discuss this or other data security issues, feel free to contact me or any of the other attorneys at the InfoLaw Group.Cross-posted from InfoLawGroup

Possibly Related Articles:
Enterprise Security
Risk Management Security Strategy Data Loss Prevention FTC Copiers
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.