Printing Errors Lead to Data Breach
Did you know that careless handling in printing would lead to data breach?
Often, we heard of data breaches due to insiders’ jobs or cyber-attacks. Little do we know that printing errors can lead to unintentional data disclosure and data leaks, too. Whether it is due to improper handling of printed materials (e.g. leaving printouts unattended) or printing mistakes caused by human error (or an oversight), all these mishandlings will lead to possible data breaches.
The data breaches due to printing errors are best highlighted by the following cases in Singapore. Recently, an insurer had to alert 25 -125 of their customers that their personal data had been exposed due to a printing error. What should have been an easy faxing step has mistakenly disclosed a customer sensitive data due to a wrongly printed fax number on the renewal notice. Their customers’ insurance forms have been falsely faxed to a wrong recipient (which happened to be a retailer), and that had led to the breach of PDPA.
Another printing mishandling incident happened in an insurance company, too. Their customers have been receiving letters containing another person’s sensitive data due to printing errors. The error occurred when the printing staff decided to perform double-sided printing without realising the decision will lead to unwanted data disclosure – they have another customer’s sensitive data printed on the same sheet of paper that belongs to the first customer.
All these printing mishandling issues are the red flags that we need to look into the data security in printing to avoid such data breach.
What is causing the Printing Errors?
While we agree that printing errors are sometimes inevitable, but with the right methods and print security solutions, these kinds of data breaches can be prevented. First thing first, let us take the mystery out of these unexplained or unintentional printing errors to reveal what is really happening.
- Lack of Adequate Checks
Human error is always the top reason that causes information-related fallacy, which will, in turn, leads to data breach. Some of the examples include forwarding sensitive data to incorrect recipients, wrong disclosure of personal data to the public (data disclosure without authorisation), and carelessly disposing of documents containing sensitive personal data. If we zero in the printing error, we can see that it was due to inadequate checks of information, and these errors usually occur both internally and unintentionally. Therefore, mistakes went undetected/unnoticed and printing errors occurred.
- Internal Control Deficiencies
Many times, weakness in internal control will compromise data security. To be precise, internal control is a process designed to provide adequate controls regarding the achievement of the following: effectiveness and efficiency, reliability and compliance with laws and regulations. Therefore, proper data security controls will help companies to identify data security pitfalls are hidden in their printing procedures.
How to Remedy It?
Following the data breach incident due to printing errors, the Personal Data Protection Commission (“PDPC”) in Singapore has published a new guide: Guide to Printing Processes for Organisations to help companies and print vendors to develop proper data security measures to prevent unintentional data leak.
Released on 3 May 2018, the guidelines have stipulated key principles in printing that would help companies and printing vendors to build data security policies as the way to avoid the occurrence of unwanted data disclosure caused by undetected printing mistakes, from the record management, the segregation of tasks, staff competency to the contingency plan.
While no organisation or company is exempted from the possibility of data breaches, having a set of internal control in place makes a logical step. Another highlight in the guidelines is that PDPC also suggested companies to have a Data Inventory Map (“DIM”). DIM consolidates all data in one place and will help companies and print vendors to detect possible flaws in the printing lifecycle with proper data protection measures.
Intentional (or unintentional) data leaks through the printed materials are as damaging as data breach due to cyber-attack. It is of utmost importance that companies and print vendors recognise the possible threats from printing pitfalls, be it unauthorised data viewing or unintentional data disclosure, and could do more harm than good to the company reputation. Therefore, every company needs to have a data security control in place to prevent the improper handling in printing and data security lapse.