What's Stored on Your Copier's Hard Drive Can and Will Be Used Against You

Interesting blog post from my colleague Mark McCreary on his Privacy Compliance and Data Security blog last week. In it, he examines this story from CBS News concerning the dangers of disposing of digital copiers without first “wiping” their hard drives to delete stored information. CBS reported purchasing used copiers with stored images of materials from police files, design plans for a building near Ground Zero, and yes, medical records. The story was a major embarrassment for the Buffalo, NY police department and prompted a letter from Representative Ed Markey of Massachusetts to the FTC requesting action. The FTC response promises action, but does not suggest that additional regulation is likely.

As Mark suggests, it would be easy to go overboard reacting to this news. It seems as unlikely that the purchaser of your business’ used equipment is going to interested in searching through its hard drive as it is that someone will be searching through your company’s trash. But the stakes can be high, and just as one should require employees to take the time to shred sensitive paper documents before throwing them away, one should be certain that before copiers, computers, or any data storage devices are sold or discarded, they are wiped clean of any stored data.

From a litigator's perspective, this news is both inspiring and depressing.  It inspires me to consider seeking forensic examination of copier hard drives in cases involving trade secret theft, copyright infringement of printed materials, or suspected spoliation of evidence. It depresses me to think that we may soon be adding copier hard drives to the reams of largely useless electronic data the rules require us search when responding to discovery requests.

How Much, and How Should You Spend to Guard Your Trade Secrets?

To help prepare for necessary litigation in the event of a theft of company trade secrets, and to help allocate resources for trade secret protection, I recommend considering the Justice Department’ Checklist for Reporting a Trade Secret Offense. Not all the items on the list apply to every business, but if one complete the pertinent portions of the checklist before an incident occurs, one will be very far along toward determining what steps to implement and how to budget.

A recent study by Forrester Research estimates that resources available for trade secret protection are being misallocated. Other interesting Forrester conclusions are: although spending to mitigate risks of employee accidents (such as losing laptops or smartphones) is significant, losses from such mistakes tend to be relatively insignificant, the greater risk is from deliberate theft companies with more valuable secrets are targeted more often (that’s not surprising); and companies really don’t know how well their security measures actually work.

Forrester offers a number of good recommendations for businesses interested in protecting their secrets. If one considers those recommendations along with the Justice Department checklist, one will have gone a long way toward creating a plan.