Warning: Copiers Have Long Memories

(from Maine Townsman, June 2010)
By Geoff Herman, Director of State & Federal Relations, MMA

CBS News aired a story six weeks ago that caught the attention of municipal officials around the country.

Advancements in photocopier technology implemented eight years ago introduced a new element in the process of reproducing a document that did not exist prior to 2002. In at least some of the photocopiers put into service today, there is a “hard drive” device that keeps a digital record of each document that is copied or scanned by the machine, where it can remain forever until the hard drive is “over-written,” scrubbed or destroyed.

Until recently, the fact that the photocopied documents might be permanently etched into digital storage was not widely known. Consequently, when those hard-drive machines are finally replaced and shipped to companies that re-sell or recycle used copiers – or when those leased photocopiers are returned to copier leasing companies – a digital record of all those photocopied documents goes with them. That, in turn, means the stored documents can be subsequently retrieved, reviewed and reprinted by anyone who wants to spend as little as a few hundred dollars for a used machine at the salvage yard.

The CBS story depicted this new-technology phenomenon as a potential gold mine for identity thieves and credit card scammers and a potential mountain of liability for employers, governments, insurance companies and others who have strict obligations to hold certain information about their employees, clients and customers in confidence.

To test the potential for accessing these confidential data sources, CBS purchased several randomly selected machines from a wholesaler and began mining their hard drives without even knowing where the photocopiers had served their useful lives. It turns out that the first two machines inspected came from the City of Buffalo, New York, and yielded thousands of classified police documents, city employee pay stubs, copied checks, social security numbers and bank account information.

Another machine came from an insurance company and linked specific individuals with their personal medical records, blood-test results and disease diagnoses, all of which are confidential records according to any number of state and federal laws, including the federal government’s Health Insurance Portability and Accountability Act (HIPAA).

Municipal concern

Municipalities should also be concerned about inadvertently releasing such confidential records as General Assistance or Poverty Abatement applications, protected personal information in an employee’s personnel file, or documents in the economic development office that are expressly subject to proprietary confidentiality.

David Palmer is the Vice President of Sales for Transco, which is the Augusta-based company that provides photocopier management services to the Maine Municipal Association. MMA asked him how a municipality might best protect itself from inadvertently allowing confidential documents or information getting into the wrong hands as a result of the new photocopier technology.

His core piece of advice is that any municipality replacing a photocopier should take the steps any reasonably prudent person would follow if they decided to give their home computer to strangers. The specific advice is as follows:

Know your photocopiers

It turns out that not all modern photocopiers use this hard-drive technology.

• Some photocopiers utilize the hard-drive technology and advertise the “benefits” of keeping all your photocopied documents in storage for possible retrieval.

• Other photocopiers use the hard-drive technology simply to produce photocopies, but the document-retention “benefits” are not advertised and you may not, as an owner, be aware that the photocopies are being stored.

• Still other photocopiers use a different scanning-and-reproduction technology that includes neither a hard drive nor the potential for document storage.

• For all photocopiers that have a document-storage capacity, consider one (or all) of the following options:

The “Over-write” Function

According to Transco’s Palmer, many hard-drive photocopiers come with a pre-installed over-write function designed to block document retention on a document-by-document or periodic basis. If your photocopier has a hard drive but no over-write function, that technology can be installed.

The over-write function allows the user of the machine to block the hard drive from storing a digital record of a particular document being photocopied, although using the photocopier in this way can slow the machine’s productivity. The same function can be used to over-write the entire hard drive on a periodic basis. As a matter of policy, for example, the entire hard drive might be over-written every Friday afternoon, at the end of the business day.

Having said that, merely over-writing the hard drive may not entirely erase the digital record. Forensic-level hard drive retrieval methods could restore even an over-written document. Businesses or organizations with highly sensitive or classified documents can specially program their machine’s over-writing functions to encrypt the records or otherwise make subsequent retrieval of the protected document even more difficult.

End-of-life Scrubbing

Hard drives, apparently, can be entirely scrubbed clean, and a municipality that is concerned about the information on a photocopier hard drive eventually getting into the wrong hands may want to consider ordering the scrubbing of the hard drive of any photocopier going out the door. This service is sometimes included in any contract the municipality might have with its photocopier management company or the machine’s manufacturer. As part of that service, when the used-up photocopier leaves the town office, the municipality is provided with documentation that the hard drive has been scrubbed clean.

End-of-life Destruction

For some photocopier owners, even a thorough hard-drive scrubbing is not enough protection, and they require the photocopier’s hard drive to be completely removed from the machine being replaced so that it can be physically destroyed. This is, of course, the most positive way of ensuring that no information on the hard drive will end up in the wrong hands, but it is also the most expensive. Retaining the hard drive at the end of a machine’s lease period or useful life can add several hundred dollars per machine to the cost of a contract.

In summary, municipal officials with document-retention and document-management responsibilities should make sure they acquaint themselves with their town’s or city’s photocopiers. In addition, they are encouraged to implement clear policies, procedures, contractual agreements or other methods to ensure that confidential documents or information embedded within the hard drives of those machines not leave the town office in retrievable form.