CISSP · Question #1094
Which of the following poses the GREATEST privacy risk to personally identifiable information (PII) when disposing of an office printer or copier?
The correct answer is C. A hard disk drive (HDD) in the device could contain PII. Modern office printers and copiers often contain internal hard disk drives that store copies of every document printed, scanned, or copied, representing the greatest privacy risk for PII upon disposal. Failing to sanitize or destroy this HDD before disposal can expose large volum
Question
Options
- AThe device could contain a document with PII on the platen glass
- BOrganizational network configuration information could still be present within the device
- CA hard disk drive (HDD) in the device could contain PII
- DThe device transfer roller could contain imprints of PII
How the community answered
(22 responses)- A5% (1)
- C95% (21)
Why each option
Modern office printers and copiers often contain internal hard disk drives that store copies of every document printed, scanned, or copied, representing the greatest privacy risk for PII upon disposal. Failing to sanitize or destroy this HDD before disposal can expose large volumes of sensitive data.
A document left on the platen glass is a transient, physical risk limited to a single document and is easily mitigated by a visual inspection before disposal, making it far less significant than persistent stored data.
Network configuration information (e.g., Wi-Fi credentials, IP settings) is an organizational security risk but does not directly constitute PII and therefore does not represent the greatest privacy risk to personally identifiable information.
Many modern multifunction printers and copiers contain an internal HDD that persistently stores images of every document processed - potentially thousands of pages of PII accumulated over the device's lifetime. Unlike volatile or physically limited risks, an HDD can be retrieved, mounted, and forensically analyzed by a malicious actor after disposal, exposing massive amounts of sensitive data. NIST SP 800-88 specifically addresses the need to sanitize storage media, including HDDs in networked peripherals, before disposal.
While transfer rollers can retain faint toner impressions of recently printed pages, the imprints are typically fragile, degraded, and limited to the last few pages processed, making this a minimal and impractical risk compared to a searchable HDD full of stored documents.
Concept tested: Secure disposal of devices with persistent PII storage
Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf
Topics
Community Discussion
No community discussion yet for this question.