Many church employees were stunned to learn that copiers made since 2002 have an internal hard drive that stores images of everything copied on that machine, and that when a copier is sold or returned to a vendor at the end of a lease, all of these images go with it! In many cases, used copiers end up in other countries where the contents of hard drives can easily be extracted and exploited. Many employees in this country have had their personal identity stolen by this means.
Think of some of the highly confidential information copied on the typical church copy machine:
- confidential and personal correspondence;
- board minutes;
- minutes of the board acting in “executive session” (i.e., in secret);
- Social Security numbers of employees found on various tax forms;
- driver’s license numbers;
- church credit card numbers;
- employee credit card numbers;
- church bank account numbers;
- employees’ personal tax returns (copies made on the church’s copier);
- tax forms completed by the church;
- employee’s bank account numbers (from copies of bank statements made by employees using the church copier).
The problem is compounded by the fact that in most churches the copy machine is used by employees for personal use as well as for church use.
What can churches do to reduce or eliminate this risk? Here are some precautions that some churches are taking:
Do not purchase or lease a copier unless it includes an encryption or overwrite security feature. Ask your copier representative if the machine being ordered includes such features.
If the vendor does not provide encryption or overwrite protection, you can purchase an encryption solution for the copier’s hard drive or an overwrite program that overwrites data onto the hard drive rendering the images unread- able. These solutions often can be installed on both new copiers upon delivery, or on existing copiers already in use.
Erase the data on the hard drive when the machine is returned to the vendor for service or return at the end of your lease. Software is available to perform this function. Some machines come with a disk erase utility. Check your owner’s manual for details. Note that not all erasing techniques are completely effective.
Destroy the copier’s hard drive at the end of the lease or when the church disposes of a copier that was purchased. This is the only way to ensure that private information will not be accessible—assuming that the destruction is total. Some churches prefer to erase or encrypt the hard drive contents rather than destroy the drive since these are more environmentally friendly options.
At the end of a lease have the vendor provide you with a signed “certificate of destruction” that includes the model number and serial number of the hard drive before allowing the copier to be removed from your premises. The certificate states that the hard drive, or its contents, will be destroyed. Obviously, you have no way of knowing if your request was fully honored.
Include language in your copier contract that requires the vendor to offer you the hard drive for purchase at the end of the lease. In this case, you can ask the vendor to send a technician at the end of the lease to remove the hard drive so that you can deliver it to a computer technician of your choice for secure destruction.
Richard R. Hammar is an attorney, CPA and author specializing in legal and tax issues for churches and clergy.