The “Schredder Affair” has made big waves in Austria. What’s really behind it and how do you deal with it as an entrepreneur?
When computers or network printers are sold used or disposed of, the data on the hard disks must be erased in such a way that it cannot be recovered. Sensitive data must not be made accessible to unauthorized persons.
Why do printers store data?
Not every printer stores data. Copiers that scan multiple pages before the pages are finished printing must save the data until they are finished printing. For this reason, almost all large office printers have built-in hard drives. In addition to data about the documents actually printed or copied, these printers also store data such as the e-mail directory for delivering scans, the phone book for delivering faxes, and information about access permissions.
There is no data on the printer hard disk itself that is intentionally kept there. The scans and printouts are usually deleted by the printer immediately after the print job is completed. These data can be recovered by experts in the field of data recovery.
Why can deleted data be recovered?
When erasing, it is noted that the location on the hard disk is available again, but the data is not overwritten immediately.
Therefore, experts can recover data that are “deleted”.
Over time, the data will be overwritten by new print jobs. It is therefore random which data is overwritten (finally destroyed) or recoverable.
The same applies to formatting hard disks. Normal formatting is like removing the table of contents from a book. This applies to printer hard disks and also to hard disks from computers and servers.
What should be done when a printer is resold or disposed of?
Before a printer is disposed of or resold, two steps are necessary.
- A reset (reset to factory settings) must be performed, during which all settings as well as directories (e-mail, phone,…) are deleted.
- The hard disk must be “securely erased”.
Data is “securely erased” when the data on the hard disk is overwritten. Unfortunately, this is not as easy as it sounds.
Overwriting all data on a hard disk is possible with appropriate software. Once the data is overwritten, it cannot be recovered. Unfortunately, current hard drive technology throws a spanner in the works. To increase the lifetime of the hard disk or to avoid memory errors, some hard disks decide independently that some areas are no longer used. These are therefore not overwritten. This means that even a hard disk that looks completely empty can still contain (a few) data that an expert can read out.
The difference between a correctly erased hard disk and one from which an expert can recover almost all the data is impossible for a layman to determine.
For this reason, the destruction of the hard disk by an appropriate service provider is the safest way for a layman to delete the data.
What is behind the shredding affair now?
As described, printer hard disks are not used for archiving. Despite ongoing overwriting during printing and formatting the hard disk, the risk remains that data can be partially read by experts in the field of data recovery. If it is personal data that is still on the hard drive, then you are in violation of the GDPR and must expect a heavy fine.
The safest method is therefore to destroy the hard disk, e.g. shred it.