NJ assembly passes bill requiring information stored on copy machines, scanner be deleted

[Jake Kouns <jkouns () opensecurityfoundation org>]

http://www.courierpostonline.com/article/20120529/NEWS02/120529003/1007/news02

In an effort to combat identity theft, a bill that would require
information stored on copier machines and scanners used by consumers
be wiped clean has passed the New Jersey Assembly.

Democrats Paul Moriarty, Herb Conaway, M.D., and Dan Benson sponsored
to combat identity theft by requiring the hard drives of all digital
copy machines to be wiped clean to protect sensitive, personal
information was approved 51-28 Thursday.

The information is stored on each machine, in some cases in
perpetuity, unbeknownst to millions of consumers.

"Most digital copy machines use internal hard drives, which store
every document that has been scanned, printed, faxed or emailed by
the machines, many times numbering in the tens of thousands by the
time copier is resold or returned at the end of a lease agreement,"
said
Moriarty D-Gloucester/Camden, who chairs the committee.

"Besides the serious threat of identity theft, consumers are also
vulnerable to repercussions posed by sensitive medical records
or police documents," said Conaway (D-Burlington) "There's a simple
way to eliminate these risks and we need to make sure it's
instituted."

According to a 2008 survey commissioned by electronics manufacturer
Sharp, 60 percent of consumers are not aware that copiers
store images on a hard drive.

The bill (A-1238) requires that a person destroy, or arrange for the
destruction of, all records stored on a digital copy machine, which is
no longer to be retained by that person, by erasing or otherwise
modifying those records to make the records unreadable, undecipherable
or through generally available means.

"It probably wouldn't even occur to most people that documents they
scan or print on a copier are stored on that machine, sometimes for
the entire life-time of the machine," said Benson, D-Mercer/Middlesex.
"Given how often electronics are leased or resold these days, it's
important that measures safeguarding against identity theft are put
into place."

The bill calls for the owner of a digital copy machine, and the lessee
to whom the digital copy machine is leased, are responsible for the
destruction, or arranging for the destruction, of all records stored
on that machine.

According to the bill, a person that willfully or knowingly violates
the provisions of the bill is liable to a penalty of up to $2,500 for
the
first offense and up to $5,000 for the second and each subsequent offense.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.