Multifunctional printers, copiers, or network scan/fax devices equipped with a hard disk drive can pose
a security risk when image data not cleared off of the drives when the device is sold. If the data is still on the multifunctional device hard drive, it can be retrieved by the new owner,
exposing sometimes highly confidential information. While Advance is not aware of any instances in which this
has occurred with our equipment or that of our customers, it is an
issue that we take very seriously.
Typically, multifunctional devices are configured with two different
kinds of memory—a Hard Disk Drive, or HDD, and Random Access
Memory, or RAM. A Hard Disk Drive (HDD) can represent the
long-term storage of data, such as documents a user wants to permanently
store in an electronic mailbox for later retrieval. RAM, on the
contrary, represents the short-term storage of temporary data such
as a copy or print job. RAM is classified as “volatile” memory,
in that data is only stored while the machine has power.
When you run a job on a multifunctional device, the latent data of
that image is stored in the device’s volatile memory, or
RAM. The data then resides within the RAM until either the
next job is processed, overwriting the previous data, or power
is cut off and the data is lost. If the job is large enough
to need more processing space than the available RAM, the machine
will use part of the HDD to complete the job. Again, that
latent data is stored temporarily, until the next jobs are processed,
overwriting that space. The difference with the HDD is that
it is “Non-Volatile” memory, so turning off the power
does not clear the data.
There are multiple options for HDD data deletion. Depending on the
model of your machine, you may have an erase function built in
to your machine. Other options for data deletion include enhanced
security kits installed on the device, degaussing (magnetic erasure
of data), and complete HDD destruction or shredding. With
RAM, erasing the temporary data is easy, since the memory is cleared
when the power is turned off.
Standard security features range by manufacturer and model, therefore
it is important to evaluate what options are both included and available
when considering new equipment. A majority of manufacturers
include their own proprietary encryption methods to enhance data
security. Data passing through such devices is encrypted
and requires proprietary software, found only within the machine
itself, to decrypt the information. This technology allows the data
only to be decoded on the device, thus making it extremely difficult
to extract the information in a usable form.
Enhanced data security kits are available from most manufacturers
and vary in method. Savin’s (Ricoh) premier product for data
encryption is their hard disk DataOverwriteSecurity Solution (DOSS).
With Savin’s DOSS, after a job is complete, the feature immediately
performs a three pass overwrite sequence that writes a series of 1s and 0s across
the temporary data. Savin
also offers an encryption kit for HDD temporary data.
Canon too has add-on Security Kits to further enhance the protection
of HDD data. The Security Kits have the ability to either encrypt
all user data prior to storage on the HDD or to initiate the overwriting
of the HDD to completely erase previously stored temporary data.
These options should be considered, particularly
by companies dealing with sensitive or confidential information.
In addition, Savin’s
DOSS and Canon’s Security Kits are HIPPA, GLBA, and FERPA compliant. For
more information, please contact your Advance Sales Representative.
Our primary objective, upon learning of the potential risks, was to shred all HDDs in our possession,
in order to put our customer’s minds at ease. This
immediate action plan took place on May 26, 2010 when Advance partnered with an
electronic shredding company to destroy HDDs in our possession. Moving forward, we encourage customers
to consider all of the standard and add-on options for enhanced
security when acquiring new multifunctional devices, as well as
educate them on hard disk drive deletion at the end of the device’s
lifecycle. Data sanitation methods such as degaussing (magnetic
erasure of data), shredding, and recycling, as well as the issuance
of certificates of HDD destruction, are available for purchase
as well.
In order to protect any existing customer data, Advance has partnered with a hard drive shredding company to shred any used multifunctional
device hard drives currently in our possession. Although every copier
we lease and sell is equipped with security features that overwrite
the data on the hard drive, Advance believes that destroying the
HDD in its entirety is the best method for protecting our customer’s
data. We have taken this action in order to give our customers peace
of mind in knowing that their data, and the data of their customers,
has been unquestionably destroyed. These options are now available
for purchase.
