Data Protection Problems relating to modern Photocopiers and Printers

In recent years, photocopiers have developed into multi-function devices with considerable "intelligence" of their own. This has also given rise to data protection risks. If documents are digitally scanned, they remain for a certain time in the memory of the machine. The machine can also be integrated into a computer network. Reason enough to take a closer look at these devices from the point of view of data protection.

Many users are completely unaware that the modern digital copier that they use every day makes a digital copy of every document and, if permitted, will retain these copies for a considerable time. As a result, vast numbers of confidential documents can pile up. The risk of unauthorised access should certainly not be underestimated. Digital copiers not only duplicate documents, they scan them first of all and this process can be used in various ways to edit the document. The machines can also be integrated into a company network; furthermore, they are in most cases also equipped to function as a fax machine. This additional function requires the temporary storage of the document in the RAM (random access memory) and in many cases on the hard disk as well.

Depending on the machine and the settings, the data is automatically deleted either after each print out, or every time the machine is restarted, or indeed not at all. In some cases, it is possible for the user to delete the data manually. The simple function of being able to print a copy of the last document processed can have disastrous consequences.

Unauthorised persons must not be permitted to remove data carriers (normally hard disks) that contain copied or scanned documents from the machine. If hard disks are replaced by service technicians, the same security measures should be taken as apply to computers: the data must be irretrievably deleted before the data carrier leaves the company premises

An additional risk is network access to the machine (if this is possible) from an external work station. Here strict regulations governing access must be implemented. Some manufacturers offer excellent solutions that guarantee increased security. What is essential is that every member of staff that works with digital photocopiers is instructed in their functions and risks so that they can use the machine appropriately.

When deciding on which digital photocopier best suits your needs, attention should be paid to whether the hardware and software permit the machine to be operated in such a way as to meet the data protection and data security requirements of the company in full. The operator is, after all, responsible for the data collection as its proprietor: the Data Protection Act expressly requires that personal data be protected against unauthorised processing by means of appropriate technical and organisational measures. Users should not photocopy sensitive documents on a machine if there are unaware of how the data will be processed and in particular what means of access to the data are offered by the machine

[July 2003]