Why the Print System must be Secured
The foundation of a GDPR compliant system is a well-designed and secure information system. The regulation raises the bar by stating that security should be designed in from the beginning and that personal data should be anonymised wherever possible.
The print system is not exempt from these requirements. An unsecured print system can leave your organisation vulnerable for two reasons: it is a point of entry for an attacker, and printed documents themselves can be a source of data loss. In a 2017 Quocirca report, more than 80% of companies report concerns about print-related data losses, with 61% reporting actual losses in the past year.
About PaperCut
Papercut is a leading global provider of Print Management software with its PaperCut NG and PaperCut MF product line.
With nearly 125,000 multifunction and/or single function devices running PaperCut MF across the 28 European Union countries, we provide a trusted product to ensure that all requirements can be met from cost control through to enhanced productivity underpinned by a market leading security features.
Below are five practical steps you can take to have your printing system comply with GDPR requirements, and how PaperCut MF can help you achieve them.
5 Actionable Steps for GDPR Compliance
1. Secure your print system
Securing your print system is all about securing the end-to-end workflow from the time a user issues a print command through to the lifecycle of a printed document. Key infrastructure, such as print servers and network, need to be correctly secured. Print Management solutions, such as PaperCut NG and PaperCut MF, play an important role in helping build secure print infrastructure. PaperCut’s Security WhitePaper2 provides a clear guide on how to make your print system secure.
2. Stop unwanted printouts with Secure Print Release
It is not uncommon for organisations to throw away hundreds of documents left uncollected on printer trays each day. This is highly wasteful and the information in these documents is often private or confidential and should not be leaked. Secure Print Release is a simple and proven solution; documents are not actually printed until the user walks up to the printer and authenticates themselves. This feature alone will typically more than just implementing a print management solution such as PaperCut MF, driving both a positive ROI & payback in conjunction with strong security enhancements.
3. Implement policies to protect printed documents
Even when a printed document is delivered into the hands of the intended recipient, thought should be given to what happens then. How are documents stored in the workplace and how are they disposed of? Is confidential information being put at risk?
Often documents are taken outside the workplace, where the risk of information loss or a data privacy breach is higher. Employees should be trained to take appropriate care of printed material outside the office. If a mistake or breach occurs, it is important to be able to trace where and when the document was printed and by whom. The ability to trace a document source is also a strong incentive for users to take appropriate care.
4. Support a Data Subject’s Right to Access their information
The GDPR requires that organisations protect the rights of Data Subjects for which personal or identifying information is stored. A specific right of a Data Subject is to be able to request and obtain all the information that a Data Controller is holding about them.
A print management system, such as PaperCut NG or MF, stores information about each user including name, email addresses, and printing history.
PaperCut NG and MF now provide a simple tool for reporting all related information for a specific user, making it simple for organisations to meet their data access right obligations.
This feature will export all known information about a specific user that is currently being stored in Papercut NG or MF, including things such as username, print behaviour and history, print job names etc.
5. Support a Data Subject’s Right to be Forgotten
Another right specifically granted to Data Subjects is to be able to request that an organisation “forget” all information held about them if no longer needed. A typical example is an ex-employee who does not want an organisation to retain the printing history.
PaperCut NG and MF now provide a simple command for erasing all identifying information relating to a specific user from the database.
This command deletes the user’s account in PaperCut NG or MF and redacts identifying data including the user’s transaction history, job history, account details, and personal details. However, the transactional detail will still be held in the database for reporting and costing purposes, just without any associated user information, e.g. username.
Summary
The GDPR puts obligations on all organisations to take data privacy seriously and protect the rights of their users. This responsibility extends across the spectrum of IT systems, including the print system. We are committed to helping our customers meet their GDPR obligations and our solutions provide a range of specific features that help our customers comply.
For more information please contact the STORM team on 01908 272729.