Fellow practice management advisor Courtney Kennaday tweeted today about a CBS investigative report that uncovered a hidden treasure trove of confidential information: your office photocopier.
As the story explained, digital copiers contain hard drives. Hard drives store information. In this case, an image of every document copied, scanned or e-mailed.
Before you gift, recycle, or ecycle office equipment take care to remove confidential client information. The CBS story points to a Sacramento-based company, Digital Copier Security, which offers a product called “INFOSWEEP” that can scrub all the data on hard drives. INFOSWEEP is only available in California and Nevada and comes with a fairly steep pricetag for solos: $695. Considering that many of the new hard drives offered on Digital’s site are $299, another solution might be to pull your copier’s existing hard drive, destroy it, then donate, ecycle or recycle the equipment as is (or replace the hard drive for less than half the cost of the data scrubbing product).
Regardless, this story is a timely reminder: Laptops, computers, and smartphones are not the only items that contain confidential client information. Any device or piece of equipment with a hard drive or memory card can be problematic. Donation, disposal, or even repair can lead to breach of confidentiality. Consider printers and fax machines. Both store documents in memory. Both suffer breakdowns. Repair almost always involves replacing or servicing a mechanical part. So what happens when the machine is fixed? All the documents being held in memory begin printing.
Whether repairs are being performed in your office or back at the shop, you should inquire into your vendor’s privacy or confidentiality policy. You may also want to know if employees are bonded. While the Professional Liability Fund does not offer a vendor’s confidentiality agreement per se, we do have confidentiality pledges for in-house employees that can be modified. At the PLF Web site, select Practice Aids and Forms, then Staff.
For more information on protecting confidential information when ecycling, see my Oregon E-cycles! post.
Copyright 2010 Beverly Michaelis
Postscript
Colleague Reba Nance, Director of Law Practice and Risk Management for the Colorado Bar Association, brought the following security statement from Xerox to my attention:
April 23, 2010 – Digital Photocopiers Loaded With Secrets?
“Customers are worried about the dangers of sensitive information being left behind on the disk drives of multifunction devices. Xerox has recognized this problem for over 10 years and has built effective security controls into our devices to address the issue. Features such as Image Overwrite and Disk Encryption are available as free standard features in most of Xerox multifunction products.
Also, customers can avail themselves of the disk removal program whereby for a flat fee, a Xerox technician will remove a drive and turn it over to the customer for disposal. We educate customers about security risks and the features available to address them, and we take proactive steps to continuously maintain the security of devices in the field.”
Oregon Law Practice Management 