Protect your data

IL staff writer Rebecca Berfanger wrote this post.

The June edition of the Evansville Bar Association newsletter, the E-Summation, had a brief article explaining how even copiers might have data chips that store information, including images of anything that is scanned on them, and that attorneys should be aware of this. Bottom line: Just because you take your copies and originals with you, it doesn’t mean no one else can access those images later.

This makes sense, as I’ve used the copier at our office to make PDFs, and many copiers have this capability as a way to save time and paper when trying to e-mail a document or when posting something online as a PDF.

While Susan Vollmer, the executive director of the EBA, said she wasn’t aware of a specific case of this occurring to any lawyers in southwest Indiana, she included it in the newsletter because an attorney member of the organization sent her a message about the concern, including a link to this YouTube video

There was also an attorney who mentioned this at the Indiana State Bar Association’s Solo and Small Firm Conference on June 4 at a CLE session about security for law firms. That session was led by Lincoln Mead, IT director of the Utah State Bar Association, who was also one of the speakers at the Tech Camp June 3.

While most of what Mead said at the June 4 session was about how to protect information coming in and out of a law firm – including various types of server hardware, how to detect viruses and spyware, and security concerns that larger firms would generally hire an IT department to keep an eye on – he mentioned that printers might store information without a user’s knowledge.

After he mentioned this, an observer in the room also brought up the issue of copiers holding information. Unfortunately, I didn’t get a chance to flag him down afterward, so it’s possible it was the same attorney who sent this information to Vollmer or someone who may have read or heard about this from the E-Summation. Or it’s possible someone may have accessed information he had scanned at what he assumed was a secure copier.

Another security tip anyone can benefit from: Anything that stores information shouldn’t leave the building, except in teeny tiny pieces, Mead said. He suggested that if firms want to donate old computers to schools, non-profits, or anyone else who could benefit from them, they should. But first, they should have a day where the kids come in and, with hammers, destroy any chips that might have information on them, even if the data was erased already.

He also suggested that when firms shred old documents, they not only shred, but that they burn or pulp the bits of paper, whichever their state allows, as a way to ensure no one else will ever access confidential information.

Have you used any of these methods to protect information? Will you consider it from now on?