Simple Printing Errors Lead to Data Breach: Too Unconventional, Yet Possible
Did you know that careless handling in printing would lead to a data breach?
Often, we heard of data breaches due to insiders’ jobs or cyber-attacks. Little do we know that printing errors can lead to unintentional data disclosure and data leaks, too. Whether it is due to improper handling of printed materials (e.g. leaving printouts unattended) or printing mistakes caused by human error (or an oversight), all these mishandlings will lead to possible data breaches.
The data breaches due to printing errors are evident in Singapore. Recently, an insurer had to alert 25 -125 of their customers regarding the safety of their personal data due to a printing error. What should have been an easy faxing step has mistakenly disclosed a customer sensitive data. This is even if it’s due to a wrongly printed fax number on the renewal notice. Their customers’ insurance forms have been falsely faxed to a wrong recipient which happened to be a retailer. As a result, it had led to the breach of PDPA (Personal Data Protection Act).
Another printing mishandling incident happened in an insurance company, too. Their customers have been receiving letters containing another person’s sensitive data due to printing errors. The error occurred when the printing staff decided to perform double-sided printing without realising the decision will lead to unwanted data disclosure – they have another customer’s sensitive data printed on the same sheet of paper that belongs to the first customer.
All these printing mishandling issues are the red flags that we need to look into the data security in printing to avoid such data breach.
What is Causing Printing Errors?
While we agree that printing errors are sometimes inevitable, but with the right methods and print security solutions, these kinds of data breaches can be prevented. First thing first, let us take the mystery out of these unexplained or unintentional printing errors to reveal what is really happening.
Lack of Adequate Checks
Human error is always the top reason that causes information fallacy, which will, in turn, leads to a data breach. Some of the examples include:
- forwarding sensitive data to incorrect recipients
- wrong disclosure of personal data to the public (data disclosure without authorisation),
- carelessly disposing of documents containing sensitive personal data
If we zero in the printing error, we can see that it was due to inadequate checks of information, and these errors usually occur both internally and unintentionally. Therefore, mistakes went undetected/unnoticed and printing errors occurred.
Internal Control Deficiencies
Many times, weakness in internal control will compromise data security. To be precise, internal control is a process that provides adequate controls regarding the achievement of the following:
- effectiveness and efficiency
- reliability
- compliance with laws and regulations
Therefore, proper data security controls will help companies to identify data security pitfalls in their printing procedures.
How to Remedy It?
Following the data breach incident due to printing errors, the Personal Data Protection Commission (“PDPC”) in Singapore has published a new guide. With the title “Guide to Printing Processes for Organisations”, it helps companies and print vendors to develop proper data security measures. In effect, this prevents unintentional data leak.
Released on 3 May 2018, the guidelines have stipulated key principles in printing. Essentially, this would help companies and printing vendors to build data security policies as a way to avoid the occurrence of unwanted data disclosure caused by undetected printing mistakes. Actions include record management, segregation of tasks, staff competency, and contingency planning.
While no organisation or company is invulnerable from the possibility of data breaches, having a set of internal control in place makes a logical step. Another highlight in the guidelines is that PDPC also suggested companies to have a Data Inventory Map (“DIM”). DIM consolidates all data in one place. This will help companies and print vendors detect possible flaws in the printing lifecycle with proper data protection measures.
Lesson Learned
Intentional (or unintentional) data leaks through the printed materials are as damaging as data breach due to cyber-attack. It is of utmost importance that companies and print vendors recognise the possible threats from printing pitfalls. Whether it is unauthorised data viewing or unintentional data disclosure, vigilance could do more harm than good to the company’s reputation. Therefore, every company needs to have a data security plan in place. This prevents improper handling in printing and data security lapse.
