Skip to end of metadata
Go to start of metadata
Copier and Multi Function Printer Security
Copiers, Multifunction Devices, and Printers are becoming increasingly powerful and prevalent. At the same time, work at Berkeley Lab is almost entirely non-sensitive, so the risks associated with copy machines and printers are very low - as long as you do not use these devices in violation of LBL policy. Berkeley Lab policy prohibits local or network storage of Personally Identifiable Information, so using the scanning and emailing features of these copiers for PII is never permitted. Remember, fax, phone, and US Mail are the only acceptable means for transmitting personally identifiable information outside the Central Business Systems (HRIS, FMS, Travel, etc).
Toshiba Copier Scanner Fax Machines Under the Lab's Contract
The Toshiba devices you see around the lab are provided under a contract - all these printers are leased and service is included. The devices have numerous security features and are not a serious source of risk for the Laboratory if PII is not stored on the device.
When a system is returned to the vendor, it is appropriately erased before being excessed or provided to another customer.
You can learn more about the security features of these devices here. Also, read the guidance below for additional steps you can take.
Risks to Consider
- Make sure you're using the feature you intend! Don't accidentally scan when you want to copy, or fax when you want to scan!
- When using fax or scan to email, double check the destination!
- Don't use eFile for PII (of course) or even "Prudent to Protect" information without a security consultation.
Protecting Network Printers/Copiers in General
Here are some links that explain the steps you can take to secure network printers and similar devices.
Basic Security for Network Printers from UW-Madison
What if I have a network printer/mfp that I know needs to be sanitized?
If you have a Lab owned (not leased) network scanner / printer device that you know contained PII or other serious confidential information, you can contact the Computer Protection Program and we will help you work with Transportation / Excess to ensure that the local storage on the device is erased or destroyed prior to excess.