I had the privilege of delivering the opening keynote yesterday at a seminar focused on regulatory compliance and information governance, hosted by Graphic Imaging Services of Las Vegas, NV. We talked about the European Union General Data Protection Regulation (GDPR), The California Consumer Privacy Act of 2018, The Nevada Open Meeting Law, and more regulations that impact businesses and government agencies.
As the session progressed, discussions ensued focusing on where information resides, how governance should address management and disposition of that information, and how to ensure governance policies are followed. For example, it is safe to say that all modern Multi-function peripherals (MFP) have a hard drive that not only stores the copier operating system, is stores everything you have copied, faxed, or printed through that device. As such, these devices present an information management challenge and potential security risk. The question then turns to governance and how the information stored in these silos, is managed and disposed of.
In my view the first step is to identify all MFP devices that have storage capabilities, what type of storage device it contains, and how to delete any information that may reside on these devices. Once this inventory has been taken, add a section to your governance policies that address these devices, policies on retention and disposition of the stored information, assigned responsible personnel to ensure these policies are maintained in accordance with documented procedural directions on proper deletion methods.
Of course we discussed much more than this but for many, the realization that this even existed and should be a consideration was a true eye-opener. For those of you reading this post, I present you with the same question as the attendees. Do you know if your MFP devices have storage devices within them, are they storing information, and do you have a policy in place to properly address it?