nerdexam
(ISC)2

CISSP · Question #1094

Which of the following poses the GREATEST privacy risk to personally identifiable information (PII) when disposing of an office printer or copier?

The correct answer is C. A hard disk drive (HDD) in the device could contain PII. Modern office printers and copiers often contain internal hard disk drives that store copies of every document printed, scanned, or copied, representing the greatest privacy risk for PII upon disposal. Failing to sanitize or destroy this HDD before disposal can expose large volum

Submitted by andreas_gr· Mar 5, 2026Asset Security

Question

Which of the following poses the GREATEST privacy risk to personally identifiable information (PII) when disposing of an office printer or copier?

Options

  • AThe device could contain a document with PII on the platen glass
  • BOrganizational network configuration information could still be present within the device
  • CA hard disk drive (HDD) in the device could contain PII
  • DThe device transfer roller could contain imprints of PII

How the community answered

(22 responses)
  • A
    5% (1)
  • C
    95% (21)

Why each option

Modern office printers and copiers often contain internal hard disk drives that store copies of every document printed, scanned, or copied, representing the greatest privacy risk for PII upon disposal. Failing to sanitize or destroy this HDD before disposal can expose large volumes of sensitive data.

AThe device could contain a document with PII on the platen glass

A document left on the platen glass is a transient, physical risk limited to a single document and is easily mitigated by a visual inspection before disposal, making it far less significant than persistent stored data.

BOrganizational network configuration information could still be present within the device

Network configuration information (e.g., Wi-Fi credentials, IP settings) is an organizational security risk but does not directly constitute PII and therefore does not represent the greatest privacy risk to personally identifiable information.

CA hard disk drive (HDD) in the device could contain PIICorrect

Many modern multifunction printers and copiers contain an internal HDD that persistently stores images of every document processed - potentially thousands of pages of PII accumulated over the device's lifetime. Unlike volatile or physically limited risks, an HDD can be retrieved, mounted, and forensically analyzed by a malicious actor after disposal, exposing massive amounts of sensitive data. NIST SP 800-88 specifically addresses the need to sanitize storage media, including HDDs in networked peripherals, before disposal.

DThe device transfer roller could contain imprints of PII

While transfer rollers can retain faint toner impressions of recently printed pages, the imprints are typically fragile, degraded, and limited to the last few pages processed, making this a minimal and impractical risk compared to a searchable HDD full of stored documents.

Concept tested: Secure disposal of devices with persistent PII storage

Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf

Topics

#data disposal#PII#hard drive sanitization#asset disposal

Community Discussion

No community discussion yet for this question.

Full CISSP Practice