Imagine you are being audited or are under a discovery order to present all materials pertaining to a lawsuit. You have well planned, maintained, and monitored Information Governance (IG) policies and practices, including those related to litigation hold, and presentment.
As a result, you confidently search across the enterprise, locating what you believe is every shred of information requested. There is no place in your information ecosystem where information resides and you are unaware of its existence. Or is there?
The question I would now ask, is did you search the hard drives located in your copy machines and potentially, some of your printers? That is right, there is a hard drive in most of today’s copy machines and some high end printers, where information is held and stored. Not only can they They can store copies of documents, they also have usage logs that hackers can get to, as can anyone servicing the devices.
The question you have to ask is this: “Are my copiers equipped with hard drives and use logs capabilities, and if so, how do I manage these in a way that my organization is not placed at risk and will maintain compliance requirements?”
In My View
Look at the specification sheet for your devices and locate the reference about hard drives in that devices. If you do not find one, there is a chance the device does not have a hard drive. Likewise, you will want to learn the processes to erase informatoin stored on that hard drive or how to access it in times of litigation and audit. This includes not only the documents stored there, but also the use logs.
When it comes time to change out a copier or printer with a hard drive, you will want to erase, remove, and/or destroy the hard drive before turning it over to the supplier. This may require assistance from the service tech, but you will want to ensure that all information – as some may be sensitive or confidential – is not vulnerable to being accessed by unauthorized persons.