7 steps in preparing MFPs for the changes to the Privacy Act
7 steps to help prepare multi-functional printers (MFPs) for the changes to the Privacy Act are provided by Konica Minolta.
As part of the reforms to the Federal Government’s privacy legislation, a significant number of government and private sector organisations will be under even greater obligation to protect the security of personal information stored on its systems, networks and devices. This is just one of a number of changes to the current Privacy Act that will come into effect from March 2014.
If your organisation has a digital photocopier or MFP, we recommend that you conduct a review, including consideration of the device’s security settings and functionality to ensure your compliance obligations will be met come March and beyond.
Today’s MFPs are sophisticated networked devices that can store a large amount of information on its hard drive. To help you prepare your device we suggest, as a first step, that you consider the level of security on your MFP to ensure it is adequate in light of the changes.
THE STEPS TO TAKE
In conducting a review for privacy purposes, we recommend giving consideration to the following issues:
1. Identify the high risk devices
Identify which devices are at risk and customise security accordingly, particularly those for payroll, senior management, account, and in particular credit (the Privacy Act has specific requirements for the management of credit related information as a sub-category of personal information).
2. Activate the security settings
Check the security settings that are available on your MFP. If this is inadequate, consider upgrading to a newer model. Secure the hard drive by activating security options such as encryption, automatic data deletion, automatic data overwrite, password locking for protection of information on the hard drive (should it fall into the wrong hands either because the physical hard drive is stolen or a second hand owner can access the data).
3. Install user authentication
Ensure security of sensitive information through the use of passwords, user box settings, card swipe, finger scan authentication, or follow me print solutions, as the documents are then stored on a server instead of the hard drive.
4. Ensure a password protected firewall is in place
Prevent unauthorised remote access to your networked devices through a protected firewall password.
5. Install a document management workflow to eliminate ad hoc scanning
If your MFP is a networked device, document management workflow solutions will “help to ensure that information is secure and cannot be accessed, modified or disclosed without authorisation”. It will also ensure that scan to email is set up to send only to authorised accounts (i.e. internal office email accounts).
6. Establish an end of life plan
Ensure that you have a policy addressing proper disposal of end of life MFPs, including erasing data on the MFP’s hard drive.
7. Make best practice policies and processes available to your staff
Ensure that they do not inadvertently disclose personal information and provide proper training.
MITIGATING INCREASED RISK
MFP security isn’t new. What’s new is:
- the increased level of risk, with more and more data being recorded, stored and potentially accessible over a network; and
- the steps that need to be taken from a legal perspective to mitigate this risk.