Protecting Data in Copiers and Multifunction Devices
The media has recently brought the data retention practices of many copiers and multifunction office devices into the limelight — specifically that some models of these devices retain, on a hard drive, a digital cached "copy" of some or all documents printed, scanned, or processed by the machine.
Note: this likely includes machines that allow documents to be scanned and then sent via email.
Remember that at IU, policies, best practices, and procedures are developed to protect the confidentiality and integrity of information, regardless of the source, media type, or device involved. Thus, this guide applies existing university resources in an attempt to assist you in making appropriate, informed decisions commensurate with the risk to the information contained on such devices in your office/unit/department.
- What to do when purchasing/leasing new equipment
- What to do with existing equipment
- What to do when disposing of, transferring, or retiring old equipment
- Security Information from Vendors
- External Resources
Note: this guide may refer to but is not limited to: photocopiers, scanners, fax machines, and other multifunction office devices.
Purchasing/leasing new equipment
When beginning the search for new equipment, ensure that you engage and work closely with the Office of Procurement Services. They are currently in negotiations with contracted vendors to ensure that the university receives the best prices on equipment that does not endanger the data that may pass through the machine — either by keeping the cache encrypted, periodically securely deleting the cache, or (ideally) not keeping one at all.
You may direct specific questions related to this type of equipment to the Office of Procurement Services.
If you are currently in the middle of a product’s life, you have several options. UISO recommends you carefully evaluate the options and choose one commensurate with your perceived risk.
However, before anything else, first determine whether your equipment is in fact retaining digital copies on a hard drive. To do this, you may want to contact:
- your sales/leasing vendor
- the manufacturers web site
- Office of Procurement Services
Inquire about a replacement
You may contact either the Office of Procurement Services or your vendor directly to inquire about replacement equipment. Don’t assume all equipment contracts are created equal; perhaps you can replace your equipment at no additional cost to you?
Purchase add-on equipment and/or software
Several vendors and/or manufacturers produce add-ons to their equipment for additional purchase that either regularly destroy or encrypt the cache copies that are stored on the equipment’s hard drive. If you have a large, expensive piece of equipment that is inappropriate to replace at this time — this option may be viable.
It has been speculated that several manufacturers have contributed to the media frenzy on this subject in an attempt to sell these add-on units. So, while discussing options with a vendor is not discouraged, please consult with the Office of Procurement Services before making any final purchasing decisions.
Harden the device and develop departmental clean-up policies
Your best option may be to keep your current equipment and attempt to secure the data within the devices as you go. In this case, UISO offers this quick 4-step guide:
- Review all the functionality of the device, decide how it is to be used (or receive that information from others) and harden the configurations. Disable every service and feature except those identified as required on an everyday basis — including how accessible the machine is via the network.
Revisit the requirements of the device as often as necessary, as offices are often organic environments with changing needs.
- Determine if your make/model equipment offers a “disable” option with regard to maintaining digital cache copies. If so, disable that option
- If not, determine whether your equipment allows periodic deletion of this data. Automatic deletion at specific intervals is preferable, but manual deletion will suffice
- If your equipment only allows for manual deletion, determine who this task will fall to in your office. Copiers and related devices have not been traditionally considered IT equipment, so your equipment may be overseen by an office manager or other administrative personnel
- If a department head requires further reading before wanting to assign staff hours, the Information Policy and Security Offices maintain excellent documentation:
Disposing of, transferring, or retiring old equipment
Since it has become public knowledge that copiers/multifunction office devices may contain sensitive personal information, their disposal must be handled carefully. The university already has the following existing resources related to the disposal of hard drives and the secure removal of data, which should be applied to this type of equipment:
- Disposal and Redistribution of University Property | IU Procurement Services
- Sale of Computing Equipment | IU Procurement Services
- Securely Removing Data | IU Information Security Office
- Hard Drive Destruction Procedures | IU Procurement Services - IU Bloomington
- Surplus Hard Drive Shredding Program | IU Procurement Services - IUPUI and Regional Campuses
Several vendors provided security-related information to IU in the form of answers to questions and additional white papers about the security of their products. The questions asked of the vendors were:
- How many of your devices retain an image of documents on an internal hard disk?
- Does it retain an image of all documents? Scanned, photocopied, printed?
- Provide detail about retention; how long are these images saved?
- Can the devices be configured not to store such images?
- Can the drive be encrypted?
- What other security options/configurations are available?
- Can you provide the costs for various options?
- How do you secure email transmissions, when your copier is used to scan and email documents?
- When a device is serviced and a hard disk is removed, what happens to the drive? is it wiped? shredded?
Read responses from CopyCo, Maxwell's, Cannon IV, Toshiba Business Solutions, and Xerox Corporation. (Note: responses were copied verbatim from email responses)
Security White Papers
These were provided to us directly by the vendors. The Information Security Office only wishes to make this documentation available, and advises that all offices choose a multifunction office machine that can adequately secure university information; this page should imply no endoresement of any particular vendor.