Your MFD Fleet May Hold a Treasure Trove of Confidential Information for Identity Thieves

Every time you use an MFD to copy, scan, print, fax or email, the hard drive built into the machine saves an image of your job. Once your lease term ends or you trade in for a new fleet, those machines make their way to one of many warehouses across the country, where they are either broken down and recycled or resold.

Here is where the potential problem lies.

If your Firm regularly deals with documents containing personal information, chances are images of those documents still reside on the MFD hard drives. Identity thieves now see the used copier market as a prime hunting ground for valuable information. A copier purchased for $200 can yield thousands of records containing personal information such as social security numbers, medical information or financial account numbers.

Some government entities have reacted quickly to this threat. The Commonwealth of Massachusetts recently enacted MGL c. 93H; 201 CMR 17, a law written to protect the personal information of residents of the Commonwealth. The law contains provisions for the protection of personal data that is stored or transmitted over computer networks – that includes transmitting a print request over your network to a printer or MFD. Add to this the aforementioned MFD hard drive implications, and suddenly we have a potentially serious issue for any entity storing or working with the personal data of any resident of the Commonwealth.

Certainly, if you are operating a law firm or business in a state such as Massachusetts that has legislation enforcing data protection, you need to be especially aware of where your (and your clients’) data is being stored and whose hands it falls into after your machines leave your building.  In any case, lawyers have a duty to protect their clients’ information in every state, so this is not a time to put your head in the sand and hope for the best.

Ask your MFD suppliers to explain how the hard drive from your previous machine will be removed, and either delivered to you or destroyed effectively to protect your Firm’s confidential information.  Protect yourself, protect your clients, and make sure that you are in control of your Firm’s own data.