Are you prepared for the March 2014 Privacy Act changes?
Penalties will be higher, and the Privacy Commissioner will have great powers to enforce them. The implications of getting it wrong are also not just financial: the reputation of your business will be on the line.
You will need to consider the level of security on your MFP in meeting your privacy obligations.
Why is it important to consider your MFP security?
Today’s MFPs are sophisticated networked devices that can store a large amount of information on their hard drives.
As part of the reforms to the Federal Government’s privacy legislation, a significant number of government and private sector organisations will be under even greater obligation to protect the security of personal information stored on their systems, networks and devices. This is just one of a number of changes to the current Privacy Act that will come into effect from March 12, 2014.
If your organisation has a digital photocopier or MFP, we recommend that you conduct a review, including consideration of the device’s security settings and functionality to ensure your compliance obligations will be met come March and beyond.
What steps should you take?
1) Identify the high risk devices
Identify which devices are at risk and customise security accordingly, particularly those used for payroll, senior management, accounts and especially credit (the Privacy Act has specific requirements for the management of credit-related information as a sub-category of personal information).
2) Activate the security settings
Check the security settings that are available on your MFP. If they are inadequate, consider upgrading to a newer model. Secure the hard drive by activating security options such as encryption, automatic data deletion, automatic data overwrite and password locking. These protect the information on the hard drive should it fall into the wrong hands, either because the physical hard drive is stolen or because a second-hand owner can access the data.
3) Install user authentication
Ensure the security of sensitive information by activating password or user box settings (if you have a Konica Minolta device, these two are standard features), or by installing card swipe or finger scan authentication.
Authentication means that users will need to identify themselves to release a document, which helps to ensure that:
a) Copies, prints and scans are traceable to an individual,
b) Personal information isn’t inadvertently used for a purpose for which it isn’t intended,
c) Paper isn’t left uncollected as a document wouldn’t be printed without authentication release.
4) Ensure a password protected firewall is in place
Prevent unauthorised remote access to your networked devices through a password-protected firewall. This is vital to help prevent outsiders from remotely accessing information not only on the MFP’s hard drive, but on all devices on your network.
5) Install a document management solution
If your MFP is a networked device, a document management solution will help to ensure that information is secure and cannot be accessed, modified or disclosed without authorisation.
A document management solution can assist in information security by:
a) Automating an otherwise manual process, which minimises the risk that comes with manual processing;
b) Digitising documents, which makes them much more secure than paper documents which could be left lying around, at risk of getting into the wrong hands;
c) Adding rules and workflow, so that document access rights are highly restricted and approvals take place in a secure environment, which is more secure than paper and even more secure than email.
6) Establish an end of life plan
Ensure that you have an “end of life” plan addressing the proper disposal of MFPs once they are no longer in use. Remember that the hard drives of these devices may hold thousands of documents with personal information, so the hard drives should be erased or destroyed.
7) Make best practice policies and processes available to your staff
The best-made plans can only be effective if your team knows and understands them. Staff should also be reminded not to pass on sensitive or personal information.
Konica Minolta can help
Konica Minolta devices have a number of security options to assist you in meeting your compliance obligations. MFP security isn’t new; what’s new is the increased level of risk, with more and more data being recorded, stored and potentially accessible over a network, and the steps that need to be taken from a legal perspective to mitigate this risk.
You can complete the above steps yourself, or Konica Minolta can provide further information on a security product suite, including an OPS Secure service. Konica Minolta also has solutions available for Document Management and User Authentication.