Despite the full implementation of the Personal Information Protection and Electronic Documents Act (PIPEDA) on January 1, many companies continue to take a wait-and-see approach to compliance.
What privacy practitioners will tell you, however, is that privacy is more than a legal obligation – it’s good business. Failure to adhere to legitimate privacy practices may impact a company’s customer base, business relationships and, ultimately, competitive edge. But compliance is more than simply cobbling together a privacy code and policy. Organizations that take the time and effort to be fully compliant will reap the residual benefits. Not only will privacy minimize risk in terms of the personal information of clients, it will instill a level of trust that will translate directly into goodwill and an improved asset base.
Linda Drysdale, leader of the Canadian Privacy Practice at PriceWaterhouseCoopers, refers to this as “privacy governance”, which, like corporate governance, promotes virtues such as transparency, accountability and corporate responsibility. Privacy governance, she adds, means going beyond compliance to implementing good privacy practices that are critical to building and maintaining corporate reputation, brand image and trust among customers, employees and other stakeholders.
“Good privacy governance is about aligning privacy obligations with day-to-day business realities,” says Drysdale. “This means putting processes into place that prevent and address problems, monitor compliance, while at the same time ensuring effective and consistent communication with internal and external stakeholders.”
destroying digital footprints
Document security lies at the heart of PIPEDA. Not only are companies responsible for properly managing the lifecycle of information so that data and documents are kept only for as long as absolutely necessary, and then properly disposed of, but they are also responsible for providing security processes that protect personal information against tampering, theft or unauthorized access to data and files.
These processes ensure that back-office systems adhere to the privacy policies company leaders envision, from destroying documents to putting restraints into place that prevent unauthorized parties from getting physical access to hard documents. Properly disposing of data also means destroying digital footprints such as those left on network, workstation and printer hard drives.
The full implementation of the law this year has stirred up a great deal of debate as to how security is handled within corporate network infrastructures – not so much by networks themselves, which for the most part are protected behind firewalls and other security initiatives, but rather by the people in charge of information on a day-to-day basis.
A great deal of effort is spent securing confidential corporate information such as financial files, databases, proprietary drafts and more. Companies go to extraordinary lengths to secure these files from unauthorized access or the possibility of files being misplaced. In recent months, some companies have even instituted rules that prohibit the use of digital and cell-phone cameras on company premises.
But leaks do occur – accidental or otherwise – and the responsibility of making sure they don’t falls on IT professionals. Organizations rely on these individuals to keep company leaders apprised on where security measures need to be implemented. It’s a fairly weighty responsibility, and not exactly a comfortable position for some.
Privacy and security is an extensive topic, and PIPEDA covers a wide array of areas that extend beyond document security. But one area that may be overlooked within many enterprises is the area of multifunctional printing devices (MFPs), which are equipped with hard drives and, as such, retain digital footprints every time something is printed, copied, scanned or faxed over a network.
watch your peripherals
Within networked environments, computer e-mail is tracked for many purposes and in some cases blocked altogether, depending on internal rules and restrictions. But a peripheral device such as a networked scanner connected to an e-mail exchange server can bypass security protocols or tracking mechanisms, resulting in confidential documentation leaving a secure network undetected.
Companies can protect themselves by installing such measures as authentication protocols on MFP devices, which, among other things, require employees to pass security screenings at the device prior to disseminating any data. These measures can also keep track of who receives data, when data is sent, and where it is sent, much the same way e-mail is tracked. Companies requiring higher degrees of security can stipulate that documents be sent to a secure site only accessible by personnel with security clearance and dedicated software to open files.
Where files are printed within a network is usually determined and set up through IT departments. However, a few short strokes can be used to change workstation settings so that protocols are bypassed and files sent to a specific device. This can also be prevented by installing a simple feature that blocks unauthorized access to computers control panels and print settings.
Consider a standard employee workstation. Employees face a computer screen, keyboard and mouse. Strip these away and you are left with a main board, a hard drive, RAM and data. Now take an average MFP and strip away the copier, printer, scanner and fax functions. You are also left with a main board, hard drive, RAM and data. Since this data is accessible and retrievable, many companies incorporate “data-shredding” technology that provides a sense of security that is often false, since digital shredding is simply the overwriting of data or the file-allocation-table of the hard drive. Astute individuals can recover “erased” data easily, and in fact software is readily available to retrieve over-written data as far down as five layers.
What about workstations and copiers that were on lease and have been sold secondhand to someone else, or replaced altogether by IT staff diagnosing a problem? There is no shortage of horror stories about old data rearing its head. Last year, a St. Paul, MN, lawyer was sent data retrieved from an old hard drive he thought had been destroyed. In Victoria, BC, a technician was surprised when the machine he just fixed spat out more than 30 arrest warrants.
The only sure method of protecting such data is through encryption technology residing on the MFP. PIN printing, NIC card protocol, address blocking, authentication, encryption, data shredding, audit trails, and account code authentication are all features available with current MFP technology. But it does pose the question: How do you know you can trust security measures being implemented on an MFP?
common criteria certification
The International Common Criteria Consortium was implemented in 2000 to test and authenticate security of computers, peripheral devices and software. Common Criteria is the internationally recognized methodology for evaluating the security claims of information systems, hardware, and software vendors. In this case, standardized Common Criteria evaluations validate the accuracy of the security technology available on MFPs.
In the U.S., Federal agencies dictate that businesses use Common Criteria to streamline the selection process of printer/copier/scanner/fax systems with the highest certification standards to ensure they get the best security solution for their businesses.
In Canada, the Common Criteria Certification addresses a number of PIPEDA document security guidelines, namely that:
– Safeguards be in place to protect personal information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification;
– That organizations protect personal information regardless of the format in which it is held; and
– That care is used in the disposal or destruction of personal information, to prevent unauthorized parties from gaining access to information.
“Secure document destruction is critical to effective privacy governance,” says Drysdale. “And certainly a process where information is disposed of at the source would be of great help to companies, along with measures that properly manage the destruction of hard documents and sensitive files.”
controlling document access
PIPEDA also dictates that care be used in the “disposal or destruction of personal information, to prevent unauthorized parties from gaining access to the information.” This means physical documents also need safeguards. This is where emerging technologies also exist, allowing users to view documents without actually having physical access to files. The file is secured behind an authentication process that permits users only to read files. Documents cannot be printed, captured, saved, sent or otherwise stored without permission. The viewing of the data may also be controlled by way of when the information can be shown and not shown. Auditing features also determine who has viewed a document, when it was viewed, and if it was printed, copied or faxed.
As Drysdale points out, there are challenges to achieving good privacy governance, even for the most committed organizations, especially in an environment where privacy requirements are emerging and constantly evolving.
“Practical issues like transforming casual practices into actual privacy governance, integrating processes and systems into an organization’s infrastructure, or simply knowing where to begin are other common challenges,” adds Drysdale. “Once a path is carved out, however, this is an opportunity for companies to achieve competitive advantages and increased efficiencies.”
Gary W. Jarosz is Vice President, Sharp Canada Business Solutions, and the company’s expert on privacy and security.
