Many organizations believe that a secure pull printing solution as part of a Managed Print Services program is enough to protect (sensitive) data and prevent proprietary information from being exposed. When they do, they often think about printed documents in printer output trays. Though it is true that this is a risk factor that is likely to expose data, that is not all. This particular risk is solved by deploying pull printing, but it doesn’t prevent data risks in other stages of the printing process.
From the moment a print job is submitted, the data in it can be exposed. It travels over the network and then resides on the server or on the printing device. And what happens after the document is printed? If it is discarded, left on a desk or in a meeting room? All of these factors need to be taken into account as part of securing a print process. And pull printing is solely one aspect that requires consideration.
“Protecting the confidentiality of the personal data stored in the printers is a vital part of a GDPR compliant privacy and data security strategy. Regulatory noncompliance and compromises of personal data can result not only in fines, but, in serious cases, the shutdown of IT operations by the data protection authority,” says lawyer Martin Schiefer of the law firm Schiefer Rechtsanwälte GmbH. He further explains, “it is also part of this strategy to delete all data stored on the printers at the end of the lifecycle.”
The Austrian agency for data processing published an article on the consequences of not protecting the entire print process.