Are you aware that thousands of images (copies, scans, emails) can potentially be stored on your copy machine’s hard drive? Have you considered what would happen if the machine is re-sold or disposed of? What if that hard drive gets in the hands of a competitor or crook? These are serious issues that human resources should know about and address.
Nearly every copy machine manufactured since 2002 stores documents copied, scanned and emailed on the machine’s hard drive – just like your computer. Every salary document, employee data document (social security numbers, addresses, age, etc), board member communication, company trade secret that has gone through that machine may still be stored in the hard drive which means that it can be extracted and used for criminal purposes.
The FTC is working with copy machine makers and sellers to provide educational materials to their clients, but my informal survey of HR professionals resulted in the conclusion that this is a widely unknown crack in most company’s security knowledge.
Although HR may not be ultimately the department/person formally charged with company security, they do own responsibility for their confidential records and must ensure that they work closely with the security section of the company to ensure that the privacy of these records are never compromised.
Consequently, HR and others in the company who are responsible for the handling of confidential information have a responsibility to check with their machine vendors about what the security risks are with their current copiers. They need to find out if the hard drive should be destroyed prior to resale or disposal of the machine. When purchasing a machine they need to ask questions about the security measures built in to the machine and whether they are enough to protect against the possibility of data theft.
- First of all, make sure one exists in the employee handbook.
- The policy should address whether the company wants to allow employees to copy or send sensitive documents via external copy machines with hard drives – home machines or those at Kinko’s and other copy service providers.
- The policy also should address who is responsible for the security of internal machines and what guidelines employees should follow in the purchase, use, and discard of these machines.
If you are interested in evaluating whether your current handbook contains the types of company privacy policies that best protect your companies’ interests, contact us. You can also learn more about the key elements to creating an employee handbook.