View more on these topics

FSA says that digital photocopiers pose security risk

The FSA has warned that digital photocopiers pose a data security risk if financial services firms fail to properly erase stored information when the machines are replaced.

In its latest financial crime newsletter, the FSA says since 2002, most digital photocopiers have been fitted with a hard disk that saves the details of documents and information that has been put through the machine.

The regulator says that as inf-ormation could include clients’ personal details, it is essential that the data is erased when photocopiers are replaced.

In April 2008, the FSA published a report on data security in financial services which outlines best practice procedures for the disposal of hardware.

The FSA warns: “Firms need to include digital photocopiers in the devices which require concern when disposing of hardware. Getting data protection wrong can bring commercial, reputational, regulatory and legal penalties.”

Paladin Financial Services managing director Tim Purdon says : “I did not know there were hard disks inside photocopiers and I think many IFAs may also be unaware of this.

“This is a timely warning for us all. I would encourage IFAs to check their equipment and make sure that if their machine has a hard disk, it is erased properly.”


News and expert analysis straight to your inbox

Sign up


There are 20 comments at the moment, we would love to hear your opinion too.

  1. and it has taken 8 years for them to let people know of this?

    get on the ball.

  2. It’s a shame it’s taken a bit longer thsn that to erase the FSA

  3. Lindsay Lockett 15th July 2010 at 1:18 pm

    I think it would be best if the FSA took on the task of regulating the photocopier industry as well, then we could all sleep easy.

  4. One could argue that any prudent “man of business” ought to be aware of where client or indeed his own personal data is stored.

    I love to kick the FSA as well as the next man (and that is a lot) but maybe they expected IFA’s to understand what and how their kit behaved, and in fairness to them on this occassion I don’t think that is an unreasonable expectation…

  5. Julian Stevens 15th July 2010 at 1:34 pm

    We have a Kyocera 1620 digital photocopier (and an excellent machine it is too).

    We checked with our service agents who supplied and maintain it for us and they tell us that it definitely does not incorporate a hard disk drive. Apparently, only the very largest machines include them. Most do not.

    Perhaps it might have been more appropriate for the FSA to have issued a more carefully considered (ha!) warning to the effect that some but by no means all digital photocopiers contain hard disk drives and that firms are advised to ensure that as and when the machine is disposed of, this is removed in the interests of data security.

    As always, there is a good way of doing something and, regrettably, what may in the fullness of time, come to be known as the FSA way.

  6. No doubt that following the extermination of good honest brokers,the FSA will erase stored information about them, won’t they ?

  7. At our last FSA inspection I saw the lead inspector standing looking confused in front of the shredder with a piece of paper in his hand.

    “Listen,” the FSA guy says, “This is a very sensitive and important document, and my team has left for the day. Can you make this thing work?”

    “No problem,” I said and turned the machine on, inserted the paper, and pressed “Start.” “Excellent!” said the FSA man as his paper disappears inside the machine.

    “Now I just need one copy”

  8. Why does the FSA feel a need to do the ICO’s job.

    Anyway, perhaps the NHS, the IR, the MoD and numerous other government agencies (including the FSA itself) ought to get its own data protection procedures sorted out before preaching to IFAs.

  9. “The FSA have today announced that crossing the road is not safe due to the number of big cars which could run you down. A new regulation now requires everyone to wait for an FSA official to hold their hand when crossing”

    A Director of AMI who is also a member of the RAC said ” As usual I would not wish to upset anyone at the FSA therefore We fully endorse and understand the risk posed in crossing the road and will be advising our members accordingly”

  10. Martyn Sinclair 15th July 2010 at 2:48 pm

    I am sure that this directive or advisory (must be compliant) follows an email that was doing the rounds about this very subject. This is a real problem that exists not just for IFA’s but every single company including the Police who use digital photocopiers. When I saw the email i immediately sent a copy to my compliance officer becasue it scared the living daylights out of me, not just about my IFA work, but also if i stay in a hotel and my passport is copied for security reasons. This problem is universal and includes the FSA building and offices itself. Rather than just sending out the adviosry or notification, it woul dhave actually been useful if the FSA had published how they have dealt with this problem. I am absolutely sure that they onluy realised following the expose on the American documentary that hit cyberspace. My advice to anyone is make sure that if someone is copying your personal data onto a photocopier that you ensure it is erased from the hard drive. How you do that I havent a clue!!!

  11. Our photocopier will only save an image to the hard drive if that option is selected by the user… (as against sending the image to a computer or memory stick) .. so like you have to consciously be aware that’s what you are doing…

    …..and according to all those forensic bods on the telly, the only way to totally remove data from a hard drive is with a pick axe…. way to go!

    (I hope the photocopier companies have all the necessary licences from the ICO…)

  12. Photocopier Plug - Fuse alert! 15th July 2010 at 8:09 pm

    Perhaps the FSA should now advise what AMP fuse I should have in my photocopier plug?

  13. Martyn Sinclair 16th July 2010 at 9:31 am

    We all including me, do a lot of FSA bashing on this web site – but having seem the CBS news report about this the FSA are 100% right to bring this to our attention. The shame is that they didnt discuss it terms of what they are or have done because this is an issue that affects everysingle company who uses modern digital photocopiers. The problem is when the machine is sold as the expose on CBS news clearly demonstrated.

  14. This issue has been around for a while and firms need to consider the impact carefully – there is more to this than just disposal as I have pointed out to my clients.

    Whilst disposal is an issue you also have to consider servicing. Whenever an engineer (or anyone else) has unrestricted access to your machine they have the ability to access the data or indeed potentially swap the hard drive.

    The security of your machine (eg at night when the cleaners are in) is just as important as the access to your PC. If you wouldn’t leave your PC open to use by all and sundry you need to consider the same issue for your photocopier.

    You need to think about all the risks to your business and data not just the obvious ones.

    Hope this helps

  15. ET (1747 15 Jul 10) displays spectacular ignorance as to how his technology works. There’ll be a copy on that drive till it’s overwritten – which could be at any time in the future or perhaps even never.

    Those of us who’ve worked in properly secure environments have been alive to the issue for years. Those of you who’ve never had that joy, take a look at e.g., to see what lengths you need to go to in order adequately to address the issue.

  16. It’s a pity that Nanny FSA can’t excercise the same diligence in doing its main job properly. i.e. protect the consumer from things like the banking crisis, Equitable Life, Independent Insurance (and the wider issue of insurers buying the market at a substantial loss), home revesion schemes etc. etc.

  17. I don’t know why the FSA is getting so exercised by this issue. We fax clients ID, proof of residence, bank statements, savings accounts to banks in Glasgow. There seems to be a black hole up there as half of them go missing anyway!

  18. Compliane Man – I understand your comments re service engineers. Ultimately once you have carried out your due diligence, you have to turst somebody. The alternative is to do EVERYTHING yourself.
    The point is to limit access and to have a clear trail of those who potentially could have acccessed information. You cannot stop those you trust (after doing your due diligence) from acting incorrectly, but what you can do is make sure if one of the limited number of people does so, you can identify who was breached your security.

  19. Adam Smith 16 July 2010.. ignorant.. I most probably am…

    The original question was a valid point …. I did however check with our photocopier suppliers and then went off and had a look at the Photocopier.. yep Hard Disk it has.. anything on it… no.. well nothing IFA wise.. a couple of original invoices to the Photocopier peeps…… If its got the 30GB* of scans I have put through it, they must be hiding elsewhere..

    With your experten knowledge can you please tell me where these ‘copies’ are…….as if I ever need a data back up…. 🙂 Thanks

    * 25 filing cabinets..!


    “FSA says that IFA memories pose security risk, RDR will allow too many of them to wander the streets with their memories intact”.

    “FSA says filing cabinets pose security risk”

    “FSA says….


    FSA running out of useful things to say?

Leave a comment


Why register with Money Marketing ?

Providing trusted insight for professional advisers.  Since 1985 Money Marketing has helped promote and analyse the financial adviser community in the UK and continues to be the trusted industry brand for independent insight and advice.

News & analysis delivered directly to your inbox
Register today to receive our range of news alerts including daily and weekly briefings

Money Marketing Events
Be the first to hear about our industry leading conferences, awards, roundtables and more.

Research and insight
Take part in and see the results of Money Marketing's flagship investigations into industry trends.

Have your say
Only registered users can post comments. As the voice of the adviser community, our content generates robust debate. Sign up today and make your voice heard.

Register now

Having problems?

Contact us on +44 (0)20 7292 3712

Lines are open Monday to Friday 9:00am -5.00pm