If you've ever traded in or given away a smartphone or laptop, chances are you were careful to wipe the device before it left your care. But what about the last time you got rid of a copier, printer, or fax machine? You may have thought these devices were harmless, but you'd be wrong.
According to a report by Advisen, the modern incarnations of these devices (those made since 2002) all have hard drives, which means every one of those documents you copied at home or the office may go on to lead new lives in someone else's hands. That's right – any device with a hard drive can store scads of digital information, just like your trusted laptop or desktop computer.
Just take a second to appreciate what kind of documents we're talking about here. Like most small-business owners, you probably copied or printed…
- Tax returns.
- Voided checks.
- Driver's licenses or Social Security cards.
- Client records.
- And more.
If you didn't have the hard drive of your printer or copier wiped before you gave it away, you could jeopardize your business in more ways than one. In short, a data-laden printer or copier can lead to…
- HIPAA fines.
- Professional liability lawsuits.
Let's take a look.
Disposing of Electronic Devices: What Are the Risks?
The US Department of Health & Human Services offers this little tidbit if you think no hacker is going to take the time to rifle through your old copier's hard drive: the New York-based company Affinity Health Plan used leased copy machines to make records of its customers' health information. When the company returned the machines to the leasing agent, it inadvertently disclosed the health information for over 344,500 customers. Because disclosing protected health information is a violation of federal HIPAA laws, the HHS fined the company over $1.2 million for the offense.
What's that you say? You're convinced you're not at risk because you don't run a small healthcare business? Try this on for size: banks are suing Target over all the customer credit cards they've had to replace since the big breach. A judge recently ruled that the class-action lawsuit could move forward, noting that Target should have done more to prevent the breach from happening.
In other words: there's now some legal basis to hold businesses financially responsible when they fail to protect sensitive information. So that unscrubbed printer you were about to throw away? If hackers managed to salvage customer information from its hard drive, your customers could sue you, claiming that your professional negligence allowed the breach to happen.
How to Keep Your Old Electronics Safe (Even in an e-Graveyard)
To keep sensitive information from falling into the wrong hands, security experts strongly recommend…
- Wiping hard drives of all stored information.
- Overwriting files (i.e., covering the data with random characters so the files can't be reconstructed).
- Destroying the hard drives in copiers and other digital devices before discarding them.
- Taking unwanted devices to an e-waste company, which wipes or destroys hard drives for you.
- Avoiding pay-to-use printers, copiers, or scanners for sensitive information.
If you run a small healthcare business, these tips are especially important to follow. After all, you likely make hundreds of copies a month of patient insurance cards and health information. You don't want to end up like Affinity Health Plan and owe a fortune in HIPAA fines for not taking the appropriate security precautions when throwing out your old copiers or printers.
For other small businesses, keep in mind that we're living in the age of data breaches. Your best defense is to stay current on the latest vulnerabilities, create a cyber risk management plan to reduce your exposures, and for extra assurance, invest in Professional Liability coverage. This policy can help pay for legal expenses associated with professional negligence lawsuits. Talk to your insurance agent to find out if your coverage can address negligence claims stemming from data breaches.