Thursday, July 01, 2010 - Posted by Philip Harvey
Have you ever thought about how your organisation disposes of its Photocopiers?
Nearly all photocopiers contain a Hard Drive, with most digital copiers storing an image of every scan, image & print job. The below case study is a good reminder of ways data that would be covered by the Privacy Act may be unwittingly disclosed:
In February 2010, news service CBS accompanied John Juntunen, the founder of DCSI (Digital Copier Security Inc) to a warehouse in New Jersey to discover how hard it would be to buy a used copier loaded with documents and discovered that it was pretty easy! Based on price (less than US $300 each) and the number of pages printed, Juntunen selected 4 machines. The original owner and use of those copiers were not known until after the copiers had been unpacked and plugged in.
CBS reported that within half an hour, Juntunen had removed the hard drives from the 4 copiers and then used a forensic software program available for free on the Internet to run a scan which allowed him to download thousands of documents in less than 12 hours.
On one of the copiers, they found documents still on the copier glass, from the Buffalo, N.Y. Police Sex Crimes Division. Getting into the data from that copier, they found detailed domestic violence complaints and a list of wanted sex offenders.
On a machine from the Buffalo Police Narcotics Unit they found a list of targets in a major drug raid.
The third machine had previously been used by a New York construction company and yielded design plans for a building near Ground Zero in Manhattan, 95 pages of payslips detailing names, addresses and social security numbers and $40,000 in copied cheques.
The final copier purchased, originated from Affinity Health Plan, a New York insurance company – this copier gave up 300 pages of individual medical records, everything from drug prescriptions, to blood test results, to a cancer diagnosis.