Your Copiers Are Storing Confidential Patron Information. What You Can Do About It.


Patrons copy or print all kinds of things at the library. Many do not contain sensitive data, but some probably do: birth certificates, ID cards, medical records, or banking information. Modern digital copiers and multifunction printers have hard drives that store data about all the documents they copy, print, scan, or fax. There are things you can do to ensure patron privacy in this little-known area of data security risk.

We hear constantly about data risks from malware and hacking into computers and networks. Far less often, we hear about data theft from copiers or multifunction printers, which are universal in libraries. Instead, the most common concern about patron copying and printing is copyright infringement.

Copier security is a real risk though. Modern commercial copiers and multifunction printers are actually computers with hard drives and network connectivity. They are as vulnerable to data theft as anything in a library's IT system. They can store copies of documents, and they also have usage logs that hackers can get to, as can anyone servicing the devices.

Ensuring Network Security

Your library's IT staff has almost certainly installed security for your IT system. They can just as easily make sure that copiers and printers connected to your network are securely integrated, just like the computers and servers on the network.

Modern commercial printers and copiers usually have a web-based interface that allows an IT administrator to view the printer's status, see reports, and configure several aspects of the printer. Here are some security precautions.

  • Of course, the web interface should have a long and strong password.
  • HTTPS (SSL or TLS) encryption should also be enabled for the interface. See our recent post, HTTPS: It's Way Past Time.
  • Because copier and printer operating systems include a network firewall, it should be enabled and should limit access to just library users.

Ensuring Physical Security

  • A primary recommendation of the ALA Library Privacy Checklist for Data Exchange Between Networked Devices and Services is to configure printers and copiers to encrypt data by default.

    Many multifunction printers and copiers support full-disk encryption. Full-disk encryption scrambles the entire contents of the hard drive so that data can only be recovered by using a secret key. Disk encryption prevents intruders from recovering documents stored on the disk, even if they do manage to get the data. The Advanced Encryption Standard (AES) is a preferred form of encryption for use in printers (PDF).

  • Commercial multifunction printers and copiers support an additional type of data security called automatic disk wiping or data erasure. When disk wiping is enabled, the device will automatically erase and overwrite all saved data periodically. It's a good idea to overwrite the entire hard drive at least once a month.
  • It's also a very good idea to enable automatic log wiping. Print logs contain metadata about the users who print anything, including the document name, the file type, and the date it was printed. The print logs can be automatically purged on a regular basis.
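
The precautions in the two lists above can be checked across a fleet of devices with a short audit script. The following is an added example, not part of the original post; the inventory field names, the address range, and the 16-character password minimum are assumptions and do not reflect any vendor's export format.

```python
import ipaddress

# Constructed inventory; field names are hypothetical, not a vendor export format.
DEVICES = [
    {"name": "ref-desk-mfp", "admin_url": "https://10.20.0.15/",
     "admin_password_len": 20, "firewall_enabled": True,
     "firewall_allow": ["10.20.0.0/16"], "disk_encryption": "AES-256",
     "wipe_interval_days": 30, "log_purge_days": 7},
    {"name": "lobby-copier", "admin_url": "http://10.20.0.31/",
     "admin_password_len": 8, "firewall_enabled": True,
     "firewall_allow": ["0.0.0.0/0"], "disk_encryption": None,
     "wipe_interval_days": None, "log_purge_days": None},
]
LIBRARY_NETS = [ipaddress.ip_network("10.20.0.0/16")]  # assumed library range
MIN_PASSWORD_LEN = 16   # assumed local policy for "long and strong"
MAX_WIPE_DAYS = 31      # the post's "at least once a month"

def audit(device):
    """Return a list of findings for one device; an empty list means it passes."""
    findings = []
    if not device["admin_url"].lower().startswith("https://"):
        findings.append("admin interface not served over HTTPS")
    if device["admin_password_len"] < MIN_PASSWORD_LEN:
        findings.append("admin password shorter than policy minimum")
    if not device["firewall_enabled"]:
        findings.append("device firewall disabled")
    # Allowed source ranges only matter when the firewall is actually on.
    for cidr in device["firewall_allow"] if device["firewall_enabled"] else []:
        net = ipaddress.ip_network(cidr)
        if not any(net.subnet_of(lib) for lib in LIBRARY_NETS):
            findings.append(f"firewall allows {cidr}, outside library networks")
    if not (device["disk_encryption"] or "").upper().startswith("AES"):
        findings.append("disk encryption with AES not enabled")
    wipe = device["wipe_interval_days"]
    if wipe is None or wipe > MAX_WIPE_DAYS:
        findings.append("disk not overwritten at least monthly")
    if device["log_purge_days"] is None:
        findings.append("print logs never purged")
    return findings

def report(devices):
    """Map each device name to its list of findings."""
    return {d["name"]: audit(d) for d in devices}

if __name__ == "__main__":
    for name, findings in report(DEVICES).items():
        print(name + ":", "OK" if not findings else "")
        for finding in findings:
            print("  -", finding)
```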

Additional Precautions

If your library has a service contract with a vendor or copier company, check with them to see what data security precautions they are currently using — both inside the copier and also within their company. Modern copiers routinely send diagnostic information to the company, and this information may contain sensitive patron data.

If you think your service contract doesn't have strong enough data security precautions, ask what the company can do to strengthen them. This may entail a cost if your printers don't have needed security features. Nearly all commercial multifunction printers and copier brands like Ricoh, Canon, Xerox (PDF), Sharp, and Kyocera sell an optional data security kit.

A final concern is to be mindful of data security when you retire any IT device that stores data, including old printers or copiers. Make sure that final data destruction is part of your service contract. Many copiers find their way to second-hand markets with data on hard drives perfectly intact.

I don't mean to be all paranoid about data security on library printers and copiers. It may well be that adequate precautions are already in place in your library, but it wouldn't hurt to check.
