Not to Beat a Dead Digital Copier, but…
Rich Melville, Litigation Support Manager for Maynard, Cooper & Gate, PC in Birmingham Alabama wrote an excellent post for Law.com titled “Are Digital Copiers Targets for E-Discovery?” based upon the CBS News report about the fact that images of documents that were copied or scanned were found stored on hard drives of discarded copiers.
After conducting his own research (actually removing the hard drives, obtaining software, etc) he concluded that in the area of e-discovery, that the CBS News report was much ado about nothing. He based this conclusion on the difficulty of parsing out the documents that would be pertinent to the matter being litigated and also the fact that the very nature of a digital copier is to make copies of images that exist in another format, therefore having a corresponding original which can be “discovered”.
That being said, there is still the issue, which has been previously addressed on this blog this past May 2010, that steps should be taken to permanently delete or destroy the hard drives on digital copiers that are being discarded by your Firm. Digital copiers are just as much a data source as a laptop or a server, so keep that in mind when switching out old machines or when the time comes to produce e-Discovery data.
Follow-Up: Are Your Fax Machines Holding Confidential Images?
With the recent attention on copier hard drive security and the potential for confidential information to fall into unfriendly hands, our clients are asking the next logical question: if my copiers are storing confidential information, what about my fax machines?
Industry best practices tell us we should not be using facsimile as a means of transmitting or receiving confidential client information, unless both the sending and receiving devices are equipped with sophisticated (read: expensive) encryption equipment. This has become industry standard in businesses like law, medicine, banking and human services that maintain a great deal of personal information. But can that information be harvested for criminal purposes after you dispose of the fax equipment?
The quick and most probable answer is “no”. Fax and copier technology, while similar in some aspects, are quite different when it comes to processing images. Copiers or MFDs use a hard drive (HDD), much like the one in your computer, to store images for copy, print, scan and fax. These images remain on the hard drive until it is full, then the copier overwrites the old images with new images. Depending on the capacity of the hard drive, images can remain there indefinitely, or until erased – we have addressed that potential vulnerability in an earlier blog. Most fax machines do not use a hard drive to process images, instead they use RAM (Random Access Memory) to store and process each job. Once a fax job is complete, the machine overwrites that job with the image from the next job. So, at any time, the only image stored in the fax machine is the image from the last job (either sent or received). The key difference here is that RAM only retains that image when the machine is powered “on”. Once the machine is turned “off”, or you have a power outage, the RAM memory is lost.
We recommend having your office services staff periodically power down the fax machines to automatically erase any latent images. In any event, when it comes time to dispose of the fax machines, any stored information will be erased as soon as the machine is unplugged. You may have noticed that the last paragraph said “most” fax machines do not use hard drives. We highly recommend you consult your equipment dealer to confirm this is the case with your particular brand(s) and model(s).
As always, feel free to contact Mattern & Associates if you have any questions.
Reduce Printing Costs
What if you were made privy to a few simple steps that could save your firm a lot of money. Would you put them to use? Of course you would! Vince McHugh of The Connected Copier provides a few tips as to how you can do just that by implementing simple strategies to reduce your printing costs.
A few of Vince’s ideas include:
1) Set all of the MFDs to default to B&W
2) Set both the printing and the copying on your MFDs default to double sided
3) Implement Rules Based Printing allowing you to set rules to different printing situations
Click here to read McHugh’s entire post on ways to reduce your firm’s printing costs.
MFD Hard Drive Security and Your Firm’s Data Security Policy
Much has been written lately about the issue of the hard drives on discarded multi-functional units and the ability for third parties to retrieve documents after they have been discarded. In light of the recent press, many firms are taking a closer look at their data security policies and procedures. As we have stated in previous blog postings, there is little to be concerned of if you are dealing with a reputable dealer or manufacturer.
That being said, many of our clients have expressed a desire to have a more formal process in place or equip their equipment fleet with the necessary software to cleanse their hard-drives on a regular basis. If this is your firm’s desire, and Mattern & Associates was involved in the negotiation of your equipment or outsourcing contract please contact us and we will make the necessary arrangements to put these procedures in place.
It doesn’t matter how long ago these contracts were negotiated, or if you retained Mattern for Phase III – Monitoring and Maintenance. If we were involved, we will assist you in addressing this issue.
If you are interested in exploring your options, please contact Brady Schoenrock of Mattern & Associates at bschoenrock@matternassoc.com or 610-459-7750.
Your MFD Fleet May Hold a Treasure Trove of Confidential Information for Identity Thieves
Every time you use an MFD to copy, scan, print, fax or email, the hard drive built into the machine saves an image of your job. Once your lease term ends or you trade in for a new fleet, those machines make their way to one of many warehouses across the country, where they are either broken down and recycled or resold.
Here is where the potential problem lies.
If your Firm regularly deals with documents containing personal information, chances are images of those documents still reside on the MFD hard drives. Identity thieves now see the used copier market as a prime hunting ground for valuable information. A copier purchased for $200 can yield thousands of records containing personal information such as social security numbers, medical information or financial account numbers.
Some government entities have reacted quickly to this threat. The Commonwealth of Massachusetts recently enacted MGL c. 93H; 201 CMR 17, a law written to protect the personal information of residents of the Commonwealth. The law contains provisions for the protection of personal data that is stored or transmitted over computer networks – that includes transmitting a print request over your network to a printer or MFD. Add to this the aforementioned MFD hard drive implications, and suddenly we have a potentially serious issue for any entity storing or working with the personal data of any resident of the Commonwealth.
Certainly, if you are operating a law firm or business in a state such as Massachusetts that has legislation enforcing data protection, you need to be especially aware of where your (and your clients’) data is being stored and whose hands it falls into after your machines leave your building. In any case, lawyers have a duty to protect their clients’ information in every state, so this is not a time to put your head in the sand and hope for the best.
Ask your MFD suppliers to explain how the hard drive from your previous machine will be removed, and either delivered to you or destroyed effectively to protect your Firm’s confidential information. Protect yourself, protect your clients, and make sure that you are in control of your Firm’s own data.
