By Mark Huffman

May 19, 2010

Sources of identity theft are well known. If you respond to a spam email, there's a good chance your identity will be stolen.

Likewise, large mainframe computers with your medical records or credit card account information could compromise your identity if a hacker should break in.

But here's a source you might not have considered: in millions of offices across the country there are digital photocopiers that retain the copied information on a hard drive. If the copied information includes your personal data, that too could be the source of identity theft.

Similar to computers, hard drives have become routine for midsize to large photocopiers, especially those built since 2005. All images scanned on the machines are stored in the hard drive, including documents with personal data such as medical history, Social Security numbers and bank account numbers.

Adding to the insecurity, these photocopiers are often connected to an office network and businesses may fail to place a strong password in order to gain access. The lack of a password or a weak password could enable web-savvy hackers to gain access to the network and steal stored data.

Businesses may think they have a bullet proof security system in place, but unless they have included their digital copier in the plan, there may be a gaping security flaw.

"Business owners are required under Maryland's Personal Information Protection Act (PIPA) to take steps to protect consumers' personal information," said Maryland Attorney General Douglas F. Gansler. "Without taking necessary precautions, copier hard drives could be resold to third parties, possibly in a foreign country, where identity theft is harder to control."

Business owners and office administrators have several options to protect stored data:

• "Disk Scrubbing." Businesses can purchase software that scrubs the disk or removes all the data from hard drives. This prevents even the smartest cyberthief from finding any data to steal.

• Encryption software. Software to prevent data from being stored at all or to encrypt data can be found online. Some photocopier manufacturers, such as Sharp or Xerox, offer packages with their products.

• Passwords. Place a password on the copier that cannot be easily guessed, such as a numerical password similar to a PIN. The copier would then require the password to gain access to the stored data.

Businesses that maintain personal information should protect that information and dispose of it in a manner that renders it unreadable. Improperly disposing of consumers' personal information could be considered a security breach.