❓ A WA parliamentary question sought information on policies and procedures for erasing hard drives of disposed photocopiers across various health agencies, including details on photocopier models and handling of sensitive information. The response reveals varying practices, with some agencies having robust policies and others relying on contractors for data destruction.
AnsweredQoN 3208Legislative Assembly
Asked
12 June 2018
Member
Portfolio
Deputy Premier; Minister for Health; Mental Health
QuestionView source ↗
In respect of the Minister’s portfolio responsibilities for any of their departments, agencies, government trading enterprises or boards I ask: (a) Are there any policies or procedures in place for erasing the hard-drives of photocopiers upon their disposal from the agency: (i) If so, what are they and what software is used to erase the hard-drive; and (ii) If not, why not; (b) Could the Minister provide a breakdown (make/model/software operating system) of the photocopiers that are in use (including which are connected to a WLAN, LAN etc. and which are stand-alone) as at: (i) 1 June 2016; (ii) 1 June 2017; and (iii) 1 June 2018; and (c) Are any of the photocopiers in (b)(i)-(iii) used to scan, replicate or print sensitive or confidential information: (i) If so, what type of sensitive or confidential information; and (ii) If so, what measures are put in place to ensure this information is not retained on the hard-drive of the photocopier?
AnswerView source ↗
Answered
14 August 2018
Response time
9 days
For the Department of Health and Health Services Providers I am advised:
(a) Yes
(i) Under the Information and Communications Technology Policy Framework , WA Health has a mandatory system-wide policy relating to Information Security .
In relation to the policy : The Information Security policy requires that:
“ The only approved sanitisation and destruction methods are:
In relation to the software used to erase the hard drive: Response from the vendors on the WA Government CUA - CUA PCS 2013 Printing and Copying Machines and Solutions . This CUA is mandatory for purchasing of multifunction devices, printers, faxes, and consumables.
The following provisions apply:
Company
Requirement
Ricoh Australia
“Any Ricoh device that has a HDD has security levels in place such as HDD encryption which means the HDD is overwritten after each job to ensure no latent images are left on it”.
Fuji Xerox Australia
“Erasing of data on the HDD is automatic and conducted on the fly - Encryption and Overwriting is a standard feature on all Fuji Xerox devices. Device destruction: In fulfilling our commitment of zero waste to landfill, Fuji Xerox devices that have reached their end of life are collected for recycling. As part of this procedure, machines (including the hard disk drives) are tracked by serial number, before being destroyed via our shredding process.”
Konica Minolta Business Solutions Australia Pty Ltd
“The hard drive of the machine is sanitized by overwriting the data on it with new data, making all stored data unable to be retrieved. The default overwrite mechanism will be implemented for all devices, unless additional services are procured.”
(ii) Not applicable.
Mental Health Commission advises:
(a) Yes
(i) Direct copy, direct network print and direct network scan, methods are used so no files are saved to the local disk. Prior to disposal hard drives have a final scan to confirm no residual data has been left.
(ii) Not applicable
Healthway advises:
(a) (i) There is no policy. Photocopiers have been disposed of in line with State Government Contract WAS2016. Contractor was instructed to destroy storage media (e.g. hard drives).
(ii) Not applicable
Health & Disability Services Complaints Office advises:
(a) No
(i) Not applicable
(ii) No photocopiers with hard drives.
Animal Resource Authority advises:
(a) No
(i) Not applicable
(ii) No photocopiers with hard drives.
All agencies advise:
(b)(i-iii) Please see response to Legislative Assembly Question on Notice 3209.
(c) (i-ii) Not applicable
(a) Yes
(i) Under the Information and Communications Technology Policy Framework , WA Health has a mandatory system-wide policy relating to Information Security .
In relation to the policy : The Information Security policy requires that:
“ The only approved sanitisation and destruction methods are:
In relation to the software used to erase the hard drive: Response from the vendors on the WA Government CUA - CUA PCS 2013 Printing and Copying Machines and Solutions . This CUA is mandatory for purchasing of multifunction devices, printers, faxes, and consumables.
The following provisions apply:
Company
Requirement
Ricoh Australia
“Any Ricoh device that has a HDD has security levels in place such as HDD encryption which means the HDD is overwritten after each job to ensure no latent images are left on it”.
Fuji Xerox Australia
“Erasing of data on the HDD is automatic and conducted on the fly - Encryption and Overwriting is a standard feature on all Fuji Xerox devices. Device destruction: In fulfilling our commitment of zero waste to landfill, Fuji Xerox devices that have reached their end of life are collected for recycling. As part of this procedure, machines (including the hard disk drives) are tracked by serial number, before being destroyed via our shredding process.”
Konica Minolta Business Solutions Australia Pty Ltd
“The hard drive of the machine is sanitized by overwriting the data on it with new data, making all stored data unable to be retrieved. The default overwrite mechanism will be implemented for all devices, unless additional services are procured.”
(ii) Not applicable.
Mental Health Commission advises:
(a) Yes
(i) Direct copy, direct network print and direct network scan, methods are used so no files are saved to the local disk. Prior to disposal hard drives have a final scan to confirm no residual data has been left.
(ii) Not applicable
Healthway advises:
(a) (i) There is no policy. Photocopiers have been disposed of in line with State Government Contract WAS2016. Contractor was instructed to destroy storage media (e.g. hard drives).
(ii) Not applicable
Health & Disability Services Complaints Office advises:
(a) No
(i) Not applicable
(ii) No photocopiers with hard drives.
Animal Resource Authority advises:
(a) No
(i) Not applicable
(ii) No photocopiers with hard drives.
All agencies advise:
(b)(i-iii) Please see response to Legislative Assembly Question on Notice 3209.
(c) (i-ii) Not applicable
Explore WA Government Data
Search the full archive in the free dashboard, or query programmatically via API.
Explore more
Government Gazette
Appointments, regulatory notices, planning changes.
Hansard
Debates, questions, speeches and sentiment.
Tabled Papers
Reports and documents tabled in Parliament.
Committees
Committee profiles and recent reports.
Regulations
Subsidiary legislation with filters and summaries.
Bills
Proposed laws and parliamentary progress.
Acts
Current WA legislation and summaries.
Explanatory Memoranda
Bills with EMs (text/PDF) available.
Members
MP profiles, party breakdown and rankings.
Pollie Rankings
Data-driven rankings across 19 categories.
Amendment Chains
Track how schemes and regulations evolve over time.