Financial institutions need to be aware that their use of photocopiers, fax machines, and printers in processing customer transactions can result in the unintentional disclosure of sensitive and confidential customer information. In a Financial Institution Letter dated September 15, 2010, the Federal Deposit Insurance Corporation (FDIC) directs banks to implement written policies and procedures to address this risk.
The FDIC notes that these electronic devices may contain a hard drive or flash memory that stores digital images of documents being copied, transmitted, or printed. Because banks often lease such devices, someone who takes possession of a device after the lease ends may be able to access the digital images of documents containing sensitive personal and business information concerning the bank’s customers.
The FDIC directs banks to implement written policies and procedures to identify devices that can store digital images of documents and to ensure the hard drive or flash memory is erased, encrypted, or destroyed before the device is returned to the leasing company, sold, or otherwise disposed of. The guidance also instructs banks to erase or encrypt a hard drive using a method that renders the information on the disk unrecoverable, and notes that such policies and procedures are subject to review by examiners.