Monday, May 10, 2010

Identity Theft – The Other Shoe Drops

This article was written by Jim Roberts, SCORE Orange County Management Counselor

We’ve all heard numerous stories in the media about identity theft, one of the most common crimes in our society. However, there is a severe exposure to identity theft you probably don’t know about. What’s worse, it’s most likely right in your office and you may be contributing to the problem every day.

Almost every business has a copier in the office. Many of these are leased and when the lease is over you return the machine to the leasing company without giving the matter much thought. That’s when the problem starts. If your machine is a digital copier (and most machines today are) it has a hard disk drive inside that stores the images it has copied. The number of these images can run to the hundreds of thousands for a machine that has been in use several years. The exposure is particularly significant if the machine is a high speed copier, or a copier that can also scan and fax.

If your customer’s personal information falls into the wrong hands because someone has acquired the hard disk from a used copier after you retire it from service, you may be legally liable for the consequences. If yours is the type of business that copies sensitive information such as financial records or medical histories, the liability could be staggering. So what can you do to eliminate or reduce this exposure?

· Be aware that it is a common practice of identity thieves to purchase old copiers returned from lessees. They don’t care about the copier, they just want the disk drive. They especially target machines with high volume counts that have been returned from business that are likely to have a lot of sensitive information.

· Call the equipment supplier you acquired your copier from and ask them if it has an internal disk drive and retains images. If it’s a type that doesn’t have a hard drive, you’re in the clear.

· If the machine has a disk drive, ask if the machine has an option to delete the files stored on the disk either manually or automatically according to a schedule. If so, establish a procedure to delete all the stored files (images) on at least a weekly basis.

· If the machine’s firmware does not provide for deletion of stored images, ask the provider if a software upgrade can be installed to provide this capability. If not, it is your responsibility to make sure that the hard disk is wiped clean before it leaves your custody. In some cases, this may mean removing the drive and destroying it.

You can imagine what could happen to your customer relationships and the reputation of your business if you are responsible for the unauthorized release of your client’s personal data. It could easily happen to you if you don’t properly safeguard your customer’s privacy. Images stored on a copier are no different than information on your office computer system. Protect your clients, and protect yourself.

It’s just good business!