Data Security on Copy Machines

When considering the purchase of a copy machine, please follow best practice and work with the Purchasing department for optimal prices and services. Additionally, appropriate contract approval should be verified with the ATSU General Counsel’s office. Once a copier is purchased/leased, please contact the ITS department to coordinate with the vendor for setup. This will help protect your data and verify that secure information is going to appropriate storage.

Basic copier information

Many people are unaware that most newer copy machines have embedded computer hard drives on which data can be stored. In accordance with ATSU HIPAA POLICY 85-152: Device and Media Reuse and Disposal, this data must be secured during the life of the copier and then removed from the device upon disposal of the unit. Today’s copiers are computerized, with touch screen interfaces, memory, and output functions just like a PC. They are networked into your office, accept WiFi connections, and interact in ways very similar to a desktop or portable computer. All ATSU networked copiers should be set to store scanned data files to the network, not the local hard drives. This ensures that no data is lost during replacement and it avoids the issue of putting data on an unsecured file share via the copier.

When trading in or disposing of a copier

When trading in or disposing of a copier, you should contact the Purchasing department. They will have information regarding the lease or purchase of the current machine and will work with the ITS Support Desk to advise you on trade in options, or of re-purposing it within the University. Once decision is made about the disposal of a copier, please contact ITS so we can clean the hard drive, if needed, and verify data retention and security.

Other References

• Data Sure – copier information
• Federal Trade Commission – Information on copier security