How to handle decomissioned/donated/RMAed printers?

There's 2 types of MFP's that I have seen:

Those meant for SOHO/Consumer. Those does rarely have any permanent storage for documents, rather its a little flash area that stores configuration data only. If the configuration contains sensitive information, a factory reset is enough to clear information. They very often use standard SDRAM sticks (either SODIMM or standard DDR) or customized variants of these, to maintain temporary storage during printing. To clear these, its enough to leave printer unplugged from Power socket, with the power button on, for a day, to clear any resudial data and charge in capacitors.

Then we have those large copier Machines like Konica Minolta C224 and such. Those variants do have a harddrive. The harddrive does not contain any inportant information (with "important", I mean data Worth keeping. Non-important information, like cache, can be confidental too, but can be safely thrown away) for what I have seen. (only in the cases when the "storage box" function is used on the printer, the harddrive contains info Worth keeping, else the HDD only contains cache, and IMHO the "storage box" function is pretty useless) Thus a standard "zeroization" can be done, that will do a "secure delete" on the drive. On Konica Minolta, this action can be initiated from the standard "administrator -> security" menu, without technician access code. However, such a action will disable the printer aswell because this also erases the second stage firmware that is also present on the harddrive, thus the harddrive has to be reloaded with the latest firmware for the printer to become functional again, and this can only be done with access to the technician access code.

Since the harddrive mostly contain non-important data, the harddrive can IMHO be safely zeroizated everytime Before the MFP leaves the premises, regardless of it it leaves temporarly or permanently. In most times, the harddrive is also behind a access door, and can be removed to physically destroy it if requires. The harddrive can then be replaced with a new harddrive to recommision the printer somewhere elsewhere, so its NO NEED to destroy the whole printer.


Here's a pretty helpful article in case you haven't seen it: http://www.techrepublic.com/blog/it-security/the-truth-about-copier-hard-drives-tips-for-securing-your-data/

The short version is that there are some loose standards but not every vendor will adhere, so YMMV. Either do some research before buying and make sure you know what you're getting into, or if you are faced with this issue post hoc then be prepared to destroy the machine to fully meet data destruction guidelines. Since a "factory reset" function that is not properly vetted is of no practical use, destruction of the memory may be the only reliable solution.