多宝游戏下载

Skip to main content
U.S. flag
An official website of the United States government
Dot gov
The .gov means it鈥檚 official. 
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you鈥檙e on a federal government site.
Https
The site is secure. 
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Guidance on Mitigating Risk Posed by Information Stored on Photocopiers, Fax Machines and Printers

September 15, 2010
Summary: The 多宝游戏下载 has issued the attached guidance, which describes the risk posed by sensitive information stored on certain electronic devices and how institutions should mitigate that risk. 

Highlights: 

  • Photocopiers, fax machines and printers may contain a hard drive or flash memory that stores digital images of documents that are copied, transmitted or printed by the device. 
  • These digital images may contain sensitive and confidential information concerning financial institution customers. 
  • Financial institutions should implement written policies and procedures to ensure that a hard drive or flash memory containing sensitive information is erased, encrypted or destroyed prior to the device being returned to the leasing company, sold or otherwise disposed of.

Distribution: 
多宝游戏下载-Supervised Banks (Commercial and Savings) 

Suggested Routing: 

Chief Compliance Officer 
Chief Information Security Officer 

  • FIL-100-2007, Identity Theft Red Flags, November 15, 2007 
  • FIL-32-2007, Identity Theft, 多宝游戏下载's Supervisory Policy on Identity Theft, April 11, 2007 
  • FIL-7-2005, Guidelines Requiring the Proper Disposal of Consumer Information, February 2, 2005 
  • FIL-22-2001, Guidelines Establishing Standards for Safeguarding Customer Information, March 14, 2001 

Note: 
多宝游戏下载 financial institution letters (FILs) may be accessed from the 多宝游戏下载's Web site at www.fdic.gov/news/financial-institution-letters/2010/index.html.

To receive FILs electronically, please visit http://www.fdic.gov/about/subscriptions/fil.html.

Paper copies of 多宝游戏下载 financial institution letters may be obtained through the 多宝游戏下载's Public Information Center, 3501 Fairfax Drive, E-1002, Arlington, VA 22226 (1-877-275-3342 or 703-562-2200).

Financial Institution Letters 
FIL-56-2010 
September 15, 2010 
多宝游戏下载 Guidance on Mitigating Risk Posed by Information Stored on Photocopiers, Fax Machines and Printers 

This guidance describes the risk posed by sensitive information stored on certain electronic devices and how institutions should mitigate that risk. 

Risk 

Photocopiers, fax machines and printers may contain a hard drive or flash memory that stores digital images of the documents that are copied, transmitted or printed by the device. Financial institutions use these devices regularly to process loans and other financial transactions on behalf of their customers. Loan documents and other business documents often contain sensitive and confidential information concerning financial institution customers. 

Many financial institutions lease photocopiers, fax machines and printers for a set period of time. At the end of the lease period, the devices are returned to the leasing company and either sold or leased again. Anyone who takes subsequent possession of a device that was used by a financial institution may be able to access the hard drive or flash memory and view digital images of the documents that were processed by the device, thus giving them access to sensitive personal and business information concerning the institution's customers. 

Controls 

Financial institutions should be aware of the risks posed by the potential disclosure of sensitive customer information stored on the hard drive or flash memory of photocopiers, fax machines and printers used by the institution. Financial institutions should implement written policies and procedures to identify devices that store digital images of business documents and ensure their hard drive or flash memory is erased, encrypted or destroyed prior to being returned to the leasing company, sold to a third party or otherwise disposed of. If the institution chooses to erase or encrypt the hard drive, the method used should be sufficiently robust to render the information on the disk unrecoverable. Examiners may ask to review such policies and procedures and verify that they have been effectively implemented. 

Further Information 

For further information, contact Jeffrey Kopchik, Senior Policy Analyst, at (202)-898-3872 or jkopchik@fdic.gov

 

Additional Related Topics:

  • 多宝游戏下载 Guidance on Mitigating Risk Posed by Information Stored on Photocopiers, Fax Machines and Printers
FIL-56-2010
Attachment(s)
Contact(s)
Jeffrey Kopchik, (703) 254-0459

Last Updated: September 15, 2010