littleneutrino, on 07 January 2013 - 20:59, said:
videos like this are just journalists trying to scare people. The copy machines we have at work all have Hard drives in them and the HDD is in the copy machine to facilitate locked printing, large document sizes and being able to scan as a pdf and send either via email or through SMB directly to a computer. The data is deleted seconds after it is used and while it is possible to harvest the files off of it if you really had to it is not worth the time. Its not like we have to swap the hard drive out every so often because it is full and we are keeping everything people copy or send.
While your company may have the policy in place for no data retention on the copier, a lot of places won't simply because they never chose to do anything about it, or didn't realize the data is stored on the hard drive itself.
I was aware of the data retention on machines from hearing about it several years ago, and have only had to wipe a HDD once on a copier, and that was when a health facility changed hands via funding and ownership. The policy of my employer was to strip out all data even if it would have been useful for the new owner's. Because of various laws in place, we had to wipe the drive basically before we turned it over to the new owners.
A little off topic, but I remember one time at a call center I worked at for a major mail order catalog as a call center drone (operator). During the slow times, I would poke around in the hard drive's root directory and see what all was there. One time I ran across a file of customer data, names, addresses, and full credit card numbers generated by their Point of Sale system from their physical store. The guys in the IT department there just recycled the computer and gave it to us w/o wiping the system. So, even computers can have this info if traded across the community after being e-cylced. Just proves that you have to beware of what is out there.
While most people would think it is not worth the time to get data from deleted drives, for the right person (data theif, someone wanting to screw over the company etc), it would be very worth their time. Just like in the video, medical records were found - serious violation of privacy and the HIPPA laws (Health Information Portability Protection Act), If someone had found info on say a famous person or gov't offical that visited the health center, then that could be used. Or checks which were found copied. On the bottom of the check is the routing and account number. A simple trip to the office store will let you buy blank check stock that looks like what they are using and print the info (account number and routing number) on the bottom of the check, and forge everything. Giving access to money by the theif.