Meloria • Ever Better
Search Tools Main Menu

Currents

October 20, 2010

New policy protects data on copiers, faxes

Your personal data: Social Security numbers, medical information, bank account numbers. These are just a few examples of the data being stored on copiers, scanners, fax machines, and printers throughout the life of the devices. They are also attractive data for tech-savvy thieves.

Protect your dataNational media reports have documented cases in which thieves have attained used copiers and stolen the information off the hard drives.
A new policy aims to protect private data and personally identifiable information stored on these types of devices owned or leased by the University. The guidelines specifically apply to the acquisition and disposal of copiers, laser printers, scanners, fax machines, credit card processing units, and multifunction devices—those machines that serve more than one purpose (copying, scanning, printing, etc.) and contain a hard drive that stores data.

“Many of us deal with sensitive information, like Social Security numbers or HIPAA information, as we complete our daily activities here are the University.  As we are continually reminded by reported breaches, almost on a weekly basis, our computing environment has become much more complex,” says Julie Myers, the University’s chief information security officer. “Copiers, fax machines, printers, and cellular phones are now all storing that potentially sensitive information each time we use the device. We need to continue to transform our thought and work processes to ensure that we are protecting the information that is entrusted to us.”

The policy goes into effect Nov. 1, 2010. It states:

Leased multifunction devices or copiers

  • All Medical Center divisions, including off-site locations, must complete leases through the Document Connection (formerly known as the Copy Center). The Document Connection can be reached at 275-3879.
  • All other leases must be arranged through Corporate Purchasing.
  • In all leases handled by Corporate Purchasing, the lease agreement will require cleaning of stored data from the equipment or surrender of the storage media to the University at the end of the lease.  Cleaning may be done by Document Connection or the lease vendor and will usually be charged to the user under the lease or as a separate fee.


Purchased multifunction devices or copiers:

  • All Medical Center divisions, including off-site locations, must complete purchases through the Document Connection.
  • All other purchases must be arranged through Corporate Purchasing.


Purchase of laser printers, scanners, fax machines, and other devices

  • Purchases of these devices (that are not copiers) can be made in any way allowed by University policy.


Disposal of other purchased equipment

  • Devices that contain storage media, such as the ones described in the policy, must be disposed of in the same manner as computer equipment through Facilities and Services, which maintains a contract with a vendor that destroys internal storage media before recycling or reselling equipment.


Read the full policy online at www.rochester.edu/it/policy.

Previous story    Next story