Reference CBS Investigation
In the report CBS using a photocopier expert purchased four machines from a used copier warehouse. Then using a forensic software program available free on the internet they were able to download hundreds of images including police records, payslips, social security numbers from the hard drives of the digital copiers.
One thing to remember is that encryption on photocopiers has improved with information on hard drives now encrypted by default. Most modern digital copiers support (IIO) immediate image overwrite or (ODIO) on demand image overwrite that will effectively delete saved images. Samsung’s latest digital copiers overwrite hard drive data three times in compliance with United States Department of Defense (DoD) directive 5200.28- M. This prevents forensic software from extracting usefull information. Xerox say there image overwrite feature is available on most of there digital copiers and this electronically shreds information.(Xerox Securty Information). Sharp also offer a security kit that encrypts data on the hard drive and shreds stored information.
Most manufacturers offer security software to remove data. The service technician can use the copier service mode to erase and reformat the hard drive. This option is available free of charge and can be carried out by your service technician at the end of the copiers life. Third party data removal tools do exist one such is INFOSWEEP (Copier Security ). Which incidently is offered by the same company that CBS used in its report to gain sensetive information from old copier hard drives.
Manufacturers have been extremely casual about security of hard drives. One important thing to consider is the obligations of companies and organisations to conform to the Data Protection Act. This act expressly requires that personal data be protected against unauthorised access by appropriate technical measures. The manufacturer may have a legal obligation to provide companies with the neccessary tools service and advice to protect data thats stored on hard drives from theft and this should be done free of charge.
In cases where the organisation or company need to conform to the DoD directive and software is not available to delete hard drive information then there is no alternative but to remove the hard drive at the end of the lease. Xerox has become one of the first manufacturers to publicly offer hard drive removal at the end of the copiers life.