Much like the personal computer and digital server, photocopiers have hard drives. Fax machines, too. That's been the case for years. Ever wonder about a machine's capacity to store your document "into memory" before it transmits or copies? We've all seen the reference to "'memory" on the device readout.
The concern, constituting the latest in identity theft news, is what happens when that machine is recycled or resold. Unless configured otherwise, the hard drive associated with the device's memory remains crammed with the image of every document copied or sent via fax, unless someone wipes the drive and purges the images. And if that machine is recycled into a non-secure environment, the contents of that drive can become the basis for identity theft fraud.
To that end, the state of New Jersey is pushing through legislation that would require that the memory/hard drive systems inherent with a photocopier or fax machine be wiped clean, or purged of contents prior to a device being sent to landfill, recycled or resold. Bill A-2975 has been approved by the state assembly and is moving to the Senate.
"Consider all of the highly sensitive information stored on copiers used by both the public and private sector—medical records from a doctor's office, tax information and Social Security numbers from an accountant's office, sensitive police records, you name it," Assemblywoman Linda Greenstein, who sponsored the bill, said in a statement.
"In today's global economy, a copier used in a doctor's office in Trenton could be re-sold to someone in South America, sending thousands of sensitive documents into the realm of the unknown and opening up a Pandora's box of potential fraud cases. We need this legislation and we need it now."
It is not known if there is any federal statute, beyond that governing computer hard drives, that covers digital photocopiers or fax machines—devices that could easily foster identity theft fraud if placed into the wrong hands.
Security tech gurus suggest that digital copiers, fax machines or hybrids be configured to require secure passwords, or other security measures prior to use. Data should be encrypted. At the very least, say those in the know, devices should be configured to require the most recent document fed into it, to over-write the previous one. Thus, at the end of the day (and at the end of the machine's life or usefulness) there will be but one digital image that will require scrubbing, to avoid ID theft.
READ MORE IDENTITY THEFT LEGAL NEWS
Thus, it behooves a business, corporation or professional service to be aware of the potential for identity theft fraud and other identity theft scams that could arise from the acquisition of sensitive images stored in a device's memory—and take steps to eradicate all sensitive contents prior to the device moving on to its second life. Failure to do so could result in an identity theft lawsuit. Copy that…