At my last "office" job, the new machines they brought in were fully networkable. (The next time you're using a newer generation copier, check whether there's some cat5/6 plugged into the back.)
So, if you copied something personal during your lunch break (considered a de facto perk, as long as exercised in restraint, e.g. that tax form before dropping same in the mail), would it remain on the copier hard drive? Worse, would it be deliberately archived in a company datastore?
This place was big enough and sophisticated enough to have some technologists dedicated to managing the machines (in conjunction with a service contract). Yet I ended up having to help them with some configuration difficulties. Which led and leads me to consider the implications also raised by this story. Any organization with a halfway decent security policy should understand and address these problems when first deciding the bring the machines in. Yet they apparently don't. And manufacturers should have addressed them up front in the feature set and use/management guidelines (e.g. a setting to wipe images on job completion, whether user controlled or in overall systems settings; a clear machine management feature to securely wipe (e.g. to a clearly defined and understood DoD standard) all drive data storage). Yet they apparently haven't. Or they don't clearly steer customers to knowledge and use of those features.
The reasons for the technological features are obvious. Their mis-management, unfortunately, seems all too familiar. I'm sure there were people arguing for better, but that would have been hard.
So, if you copied something personal during your lunch break (considered a de facto perk, as long as exercised in restraint, e.g. that tax form before dropping same in the mail), would it remain on the copier hard drive? Worse, would it be deliberately archived in a company datastore?
This place was big enough and sophisticated enough to have some technologists dedicated to managing the machines (in conjunction with a service contract). Yet I ended up having to help them with some configuration difficulties. Which led and leads me to consider the implications also raised by this story. Any organization with a halfway decent security policy should understand and address these problems when first deciding the bring the machines in. Yet they apparently don't. And manufacturers should have addressed them up front in the feature set and use/management guidelines (e.g. a setting to wipe images on job completion, whether user controlled or in overall systems settings; a clear machine management feature to securely wipe (e.g. to a clearly defined and understood DoD standard) all drive data storage). Yet they apparently haven't. Or they don't clearly steer customers to knowledge and use of those features.
The reasons for the technological features are obvious. Their mis-management, unfortunately, seems all too familiar. I'm sure there were people arguing for better, but that would have been hard.