Multifunctional printers, copiers, or network scan/fax devices equipped with a hard disk drive can pose a security risk when image data not cleared off of the drives when the device is sold. If the data is still on the multifunctional device hard drive, it can be retrieved by the new owner, exposing sometimes highly confidential information. While Advance is not aware of any instances in which this has occurred with our equipment or that of our customers, it is an issue that we take very seriously.

Typically, multifunctional devices are configured with two different kinds of memory—a Hard Disk Drive, or HDD, and Random Access Memory, or RAM.  A Hard Disk Drive (HDD) can represent the long-term storage of data, such as documents a user wants to permanently store in an electronic mailbox for later retrieval. RAM, on the contrary, represents the short-term storage of temporary data such as a copy or print job. RAM is classified as “volatile” memory, in that data is only stored while the machine has power.

When you run a job on a multifunctional device, the latent data of that image is stored in the device’s volatile memory, or RAM.  The data then resides within the RAM until either the next job is processed, overwriting the previous data, or power is cut off and the data is lost.  If the job is large enough to need more processing space than the available RAM, the machine will use part of the HDD to complete the job.  Again, that latent data is stored temporarily, until the next jobs are processed, overwriting that space.  The difference with the HDD is that it is “Non-Volatile” memory, so turning off the power does not clear the data.

There are multiple options for HDD data deletion. Depending on the model of your machine, you may have an erase function built in to your machine. Other options for data deletion include enhanced security kits installed on the device, degaussing (magnetic erasure of data), and complete HDD destruction or shredding.   With RAM, erasing the temporary data is easy, since the memory is cleared when the power is turned off.

Standard security features range by manufacturer and model, therefore it is important to evaluate what options are both included and available when considering new equipment.  A majority of manufacturers include their own proprietary encryption methods to enhance data security.   Data passing through such devices is encrypted and requires proprietary software, found only within the machine itself, to decrypt the information. This technology allows the data only to be decoded on the device, thus making it extremely difficult to extract the information in a usable form.   

Enhanced data security kits are available from most manufacturers and vary in method. Savin’s (Ricoh) premier product for data encryption is their hard disk DataOverwriteSecurity Solution (DOSS). With Savin’s DOSS, after a job is complete, the feature immediately performs a three pass overwrite sequence that writes a series of 1s and 0s across the temporary data.   Savin also offers an encryption kit for HDD temporary data.

Canon too has add-on Security Kits to further enhance the protection of HDD data. The Security Kits have the ability to either encrypt all user data prior to storage on the HDD or to initiate the overwriting of the HDD to completely erase previously stored temporary data.

These options should be considered, particularly by companies dealing with sensitive or confidential information. In addition, Savin’s DOSS and Canon’s Security Kits are HIPPA, GLBA, and FERPA compliant.  For more information, please contact your Advance Sales Representative.  

Our primary objective, upon learning of the potential risks, was to shred all HDDs in our possession, in order to put our customer’s minds at ease. This immediate action plan took place on May 26, 2010 when Advance partnered with an electronic shredding company to destroy HDDs in our possession. Moving forward,  we encourage  customers to consider all of the standard and add-on options for enhanced security when acquiring new multifunctional devices, as well as educate them on hard disk drive deletion at the end of the device’s lifecycle.  Data sanitation methods such as degaussing (magnetic erasure of data), shredding, and recycling, as well as the issuance of certificates of HDD destruction, are available for purchase as well.  

In order to protect any existing customer data, Advance has partnered with a hard drive shredding company to shred any used multifunctional device hard drives currently in our possession. Although every copier we lease and sell is equipped with security features that overwrite the data on the hard drive, Advance believes that destroying the HDD in its entirety is the best method for protecting our customer’s data. We have taken this action in order to give our customers peace of mind in knowing that their data, and the data of their customers, has been unquestionably destroyed. These options are now available for purchase.

Concerned customers can contact Jeff Elkin, Chief Operating Officer of Advance, at 410.252.4800.