Wednesday, April 21, 2010

Your Copier and PII

I saw this report on copiers and how the images they store are retained. I suggest you view it and do some hard thinking.

Copiers and many fax machines retain electronic copies of the images they process forever. Yes, forever. The images are stored on the machine, and when you trade in your machine, you trade in all those images, too, which go to the next owner.

These machines are an issue not just for PCI but also for HIPAA, and indeed any form of PII (personally identifiable information) can be sitting on them, from tax returns to official documents.

There are encryption modules, and it might be worth exploring these for copiers and fax machines used in areas where you process payments. They cost extra, but they could be worth it. Come to think of it, I hope every law firm, hospital, and payment back office has such encryption. Yeah, and I probably believe in the tooth fairy, too, and that the Giants will win the pennant and that I'm going to run a 2-hour marathon.

What is the risk? The machines are not easy to take apart, and you need some expertise to get the information off the storage device. But the bad guys have already figured out how to break into everything from banks to card processors, so it isn't too great a leap to believe they can dig through your copier, too. That is especially the case if the copier is from a payment operation.

On the good side, maybe a little FUD will keep your staff from using the office copier for their tax returns...think of the paper and toner savings!

2 comments:

  1. >Copiers and many fax machines retain electronic copies of the images they process forever

    No, until their memory buffer is full.

    You can look at methods of overwriting the memory at time of disposal or look at systems that give you some mechanism of managing this.

    This sounds like scare-mongering.

  2. As I noted, "a little FUD" might be a good thing. The idea is to do something as you point out. And as for retaining "untill [sic] the memory is full" that can be quite a bit of information.

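The first comment suggests overwriting the machine's storage at disposal; the part people usually skip is checking that the overwrite actually happened before the copier goes out the door. The script below is an added example written for this post, not code from the original article or from any copier vendor. It takes a raw image of the device's storage (how you obtain that image depends on the machine and is assumed here), scans it sector by sector, and reports any sector that still differs from the wipe pattern, flagging those that look like readable document text. The 512-byte sector size and the sample image are constructed for the illustration.

```python
# Added example (not from the original post): verify that a copier or fax
# storage device was actually overwritten before the machine is traded in.
# It scans a raw device image sector by sector and reports every sector that
# still differs from the expected wipe pattern.  SECTOR_SIZE and SAMPLE_IMAGE
# are assumptions constructed for this illustration.
import math
from typing import Dict, List, Tuple

SECTOR_SIZE = 512          # assumed sector size for the device image


def expected_fill(pattern: bytes, length: int) -> bytes:
    """Repeat the wipe pattern to exactly `length` bytes."""
    reps = math.ceil(length / len(pattern))
    return (pattern * reps)[:length]


def find_residual_sectors(image: bytes, pattern: bytes = b"\x00",
                          sector_size: int = SECTOR_SIZE) -> List[Tuple[int, int]]:
    """Return (sector_index, byte_offset) for every sector of `image` that is
    not uniformly filled with `pattern`.  A short trailing sector is checked too."""
    if not pattern:
        raise ValueError("wipe pattern must be non-empty")
    residual = []
    for offset in range(0, len(image), sector_size):
        sector = image[offset:offset + sector_size]
        if sector != expected_fill(pattern, len(sector)):
            residual.append((offset // sector_size, offset))
    return residual


def looks_like_text(data: bytes, threshold: float = 0.9) -> bool:
    """Heuristic: data that is mostly printable ASCII is probably document
    text rather than noise, which is what a disposal check cares about most."""
    if not data:
        return False
    printable = sum(1 for b in data if 32 <= b < 127 or b in (9, 10, 13))
    return printable / len(data) >= threshold


def wipe_report(image: bytes, pattern: bytes = b"\x00",
                sector_size: int = SECTOR_SIZE) -> Dict[str, object]:
    """Summarise the wipe state: how many sectors remain un-wiped, and which
    of them contain what looks like readable text."""
    residual = find_residual_sectors(image, pattern, sector_size)
    total = math.ceil(len(image) / sector_size)
    text_sectors = []
    for idx, offset in residual:
        sector = image[offset:offset + sector_size]
        # Drop bytes belonging to the wipe pattern so padding does not skew the ratio.
        leftover = bytes(b for b in sector if b not in pattern)
        if looks_like_text(leftover):
            text_sectors.append(idx)
    return {
        "total_sectors": total,
        "residual_sectors": len(residual),
        "text_sectors": text_sectors,
        "clean": not residual,
    }


# Constructed sample: eight zero-filled sectors, one of which still holds
# placeholder document text.  The content is illustrative, not real data.
_LEFTOVER = b"TAX RETURN - sample placeholder text, not real PII"
SAMPLE_IMAGE = (b"\x00" * (SECTOR_SIZE * 3)
                + _LEFTOVER.ljust(SECTOR_SIZE, b"\x00")
                + b"\x00" * (SECTOR_SIZE * 4))


if __name__ == "__main__":
    # On the sample image this reports sector 3 as residual and text-bearing.
    print(wipe_report(SAMPLE_IMAGE))
```

Run it against an image taken after the vendor's overwrite routine: a `clean` result of `False` means the routine did not touch every sector, and `text_sectors` tells you which ones still carry something worth worrying about. Pass `pattern=b"\xff"` (or whatever fill the routine claims to use) when the device is not zero-filled.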