PII is any information that can be used to identify, contact, or locate a specific individual, either alone or in combination with other information. PII includes, but is not limited to, name, address, phone number, email address, social security number, date of birth, biometric data, medical records, financial records, and online identifiers. PII is subject to various laws and regulations that aim to protect the privacy and security of individuals and their data. When disposing of an office printer or copier, the greatest privacy risk to PII is that a hard disk drive (HDD) in the device could contain PII. Many modern printers and copiers have HDDs that store the documents that are printed, copied, scanned, or faxed by the device. These HDDs can retain the data even after the device is turned off or reset, and can be accessed by unauthorized parties if the device is not properly sanitized or destroyed before disposal. The device could also contain a document with PII on the platen glass, which is the glass surface where the document is placed for scanning or copying, but this is less likely and less risky than the HDD. Organizational network configuration information could still be present within the device, but this is not PII and does not pose a direct privacy risk to individuals. The device transfer roller could contain imprints of PII, but this is also less likely and less risky than the HDD, and the imprints would be difficult to read or recover. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 1: Security and Risk Management, page 29. Official (ISC)2 CISSP CBK Reference, Fifth Edition, Domain 1: Security and Risk Management, page 77.
Submit