Purge data from photocopiers on disposal to avoid data leaks

A CBS report earlier this week talked about the information that is contained on photocopier hard drives, and how it is there for the taking on used machines.   Many people don't realize that when photocopiers changed from analogue to digital technology several years ago, they work by storing print and copy jobs on internal hard drives.   That's why, for example, when you make 10 photocopies, it scans the original only once, then prints the 10 copies.

Those hard drives store a vast history of whatever documents have been copied, printed, scanned, or received or sent by fax on the machine.

So when one gets rid of a photocopier, those documents, and whatever confidential, sensitive, or personal information is on them, goes with it.   It is important to deal with that so the information cannot be published or get into the wrong hands.

So what should organizations do?

If you are throwing out an old copier that you own, the most effective thing is to remove the hard drive and destroy the platters within it.  Destruction to the "smithereen" level is required.

If you are selling the copier, or if it is going back to a copier company as a trade-in, or at the end of its lease, talk to the copier company.   The most reliable option is retrieving the hard drive before it leaves your premises and destroying it - with the understanding that it will require a new one to be used.

If that's not practical, hire someone to wipe the drive before it leaves, or get written assurances from the copier company that they will wipe it immediately - preferably before it leaves your premises.

Keep in mind that merely "deleting" files from and memory device is not enough.  That still leaves the actual files there.  

Also that this issue is not just for photocopiers.   It applies to any digital device with memory - such as cell phones, jumpdrives, and that new iPad.   Almost everything is digital, and a computer these days.

For more detail on this issue, see an article I wrote  a while back,  this "secure destruction fact sheet" by the Ontario Privacy Commssioner, and these "Guidelines for media sanitation" by the National Institute of Standards and Technology, which was based on work funded by the US Department of Homeland Security.  (Both of those are pdf files.)