2012-06-15 / Columnists

Your Life And Privacy

Are You Sure You Want To Make That Copy?
By Gille Ann Rabbin, Esq., CIPP/US

Original in hand, you trek down to your friendly neighborhood copy store to make a duplicate. What could be bad – photocopier low on toner?

Lost your copy card?

Try identity theft.

Most photocopy machines manufactured since 2002 have hard drives that store images of copied documents – Social Security cards, tax returns, medical claim forms – remember that insanity diagnosis you wanted to keep quiet? If these images are stored in unencrypted format, anybody with access to the hard drive can see them.

A copy center’s photocopiers can also be hooked up to a computer network utilizing a central hard drive. An unprotected network is vulnerable to identity theft.

Access to a hard drive can occur in different ways. A copy center leasing a copier returns it at the end of the term to the leasing business, which resells it to another business, possibly to a ring of identity thieves buying it to retrieve personal information for criminal gain.

A rogue employee accesses a copier’s hard drive. A hacker accesses the unencrypted hard drive of a network storing images from a copier (or scanner or fax).

In 2010, the new owner of secondhand copiers discovered police records, names and Social Security numbers, and Affinity Health Plan medical records on the copiers’ hard drives.

The exposed medical records, a reportable “security breach” event (The Wave, Your Life and Privacy: Are You A Security Breach Victim? (5/18/12), http://tinyurl.com/7otxvkv, on breach notices), required Affinity to notify over 400,000 customers that their personal information may have been at risk.

There is no baseline federal law requiring safeguards for public photocopiers.

There’s not even a requirement that photocopy centers post signs notifying consumers of risks.

(Under general state and federal laws, businesses must not mislead consumers about data security practices, and certain businesses must take reasonable steps to destroy sensitive personal information.

Companies in the healthcare and financial industries have security obligations under federal laws.)

Last year, New York amended its law to require New York retailers to include instructions for customers on how to remove data from hard drives in electronic equipment submitted to a recycling program (and possibly refurbished for resale). Last month, the New Jersey Assembly passed a bill that would require information stored on copiers and scanners used by consumers to be wiped clean when the machine is no longer in use.

If you use public photocopiers, protect your information:

1. Ask about safety features, like automatic deletion of documents after copying.

2. For sensitive data, buy your own small capacity copier without a hard drive.

If you don’t want to buy, find a public copier without a hard drive.

3. If your copier has a hard drive, or is hooked up to a computer network’s hard drive, install security features that encrypt or eliminate stored data. If you have an existing copier, make sure security features are installed.

4. Before disposing of any machine with a hard drive, make sure the hard drive is wiped clean.

Don’t use public copy machines without thinking or if you feel uncertain about safeguards.

Your privacy may not be as private as you think.

Return to top


Email Us
Contact Us

Copyright 1999 - 2014 Wave Publishing Co. All Rights Reserved

Neighborhoods | History