❓ A WA parliamentary question investigates the policies and procedures for erasing hard drives of disposed photocopiers across various government agencies, revealing inconsistencies in data security practices. The Attorney General's response highlights varying levels of security, from physical destruction to encryption and overwriting.
AnsweredQoN 3201Legislative Assembly
QuestionView source ↗
In respect of the Minister’s portfolio responsibilities for any of their departments, agencies, government trading enterprises or boards I ask: (a) Are there any policies or procedures in place for erasing the hard-drives of photocopiers upon their disposal from the agency: (i) If so, what are they and what software is used to erase the hard-drive; and (ii) If not, why not; (b) Could the Minister provide a breakdown (make/model/software operating system) of the photocopiers that are in use (including which are connected to a WLAN, LAN etc. and which are stand-alone) as at: (i) 1 June 2016; (ii) 1 June 2017; and (iii) 1 June 2018; and (c) Are any of the photocopiers in (b)(i)-(iii) used to scan, replicate or print sensitive or confidential information: (i) If so, what type of sensitive or confidential information; and (ii) If so, what measures are put in place to ensure this information is not retained on the hard-drive of the photocopier?
AnswerView source ↗
Answered
14 August 2018
Response time
9 days
(a)
THE CORRUPTION AND CRIME COMMISSION
(a) Yes
(i) The Commission has policy and procedures for asset disposal. The hard drives are physically removed and destroyed - either by incineration, mechanical crushing or shredding.
(ii) Not applicable
THE DEPARTMENT OF JUSTICE
(a) Yes.
(i) The Department of Justice disposes of Multi-Function Devices (MFD’s) in full, through the leasing vendor Ricoh. Ricoh comply with the Department of Finance Government Procurement Contract CUAWAS2016 Waste Disposal and Recycling Services Category E – ICT Equipment Disposal (e-Waste), to transition the MFD’s to a contractor for disposal. Software is not used to erase the MFD’s hard-drive. Data on the hard-drives is encrypted and cannot be read, thereby protecting the data from theft. As an added protection, all latent images are overwritten. MFD hard-drives undergo e-Waste disposal to ensure that they are physically destroyed and no data can be recovered.
(ii) N/A
EQUAL OPPORTUNITY COMMISSION
(i) No. Not applicable;
(ii) Erasing of data on the hard drive is conducted automatically. Encryption and overwriting is a standard feature on all Fuji Xerox devices. The hard drive is destroyed by default upon disposal/return of the multifunctional device to the supplier.
THE LEGAL PRACTICE BOARD INCLUDING THE LEGAL PROFESSION COMPLAINTS COMMITTEE (WHICH IS A COMMITTEE OF THE BOARD)
(i) – (ii) While we do not have a specific policy regarding erasing of hard-drives of photocopiers upon their disposal, hard-drives of photocopiers are erased by external contractors.
A new Information Security Policy is currently being developed that includes disposal of devices containing sensitive or confidential information.
LEGALAID WA
(i) No policies or procedures are in place for erasing the hard-drives of photocopiers upon their disposal from the agency
(ii) Hard drives on photocopiers are encrypted to prevent unauthorised access to information stored on the hard drive of the photocopier
OFFICE OF THE COMMISSIONER FOR CHILDREN AND YOUNG PEOPLE
(i) None.
(ii) No documents are saved to the photocopier hard drives.
OFFICE OF THE DIRECTOR OF PUBLIC PROSECUTIONS
(i) There is no written policy and procedure in place in regard to erasing hard-drives of photocopiers upon their disposal.
The ODPP disconnect the hard drive before sending the photocopier for disposal.
The ODPP destroys the hard drive in-house.
(ii) Given that the ODPP destroys its own hard drives, it does not require a written policy for their disposal.
OFFICE OF THE INFORMATION COMMISSIONER
(i) Yes. All hardware is erased before disposal. In 2015 the previous photocopier was removed by the successful tenderer as part of the purchase arrangement for the new photocopier and included removal and destruction of the hard drive. The software used is unknown
(ii) Not applicable.
SOLICITOR GENERALS OFFICE
(i) – (ii) The State Solicitor's Office supplies and maintains the photocopiers for the Solicitor General's Office. All policies or procedures are those of the State Solicitor's Office.
STATE SOLICITORS OFFICE
(i) Yes. Hard drives of Xerox photocopiers are re-set by Xerox technicians as a part of the decommissioning process using CentreWare Internet Services for Xerox devices. This process erases agency data while retaining the basic software on the hard drive.
(ii) N/A
(b) Please refer to Legislative Assembly Question on Notice 3209.
(c) Not applicable.
THE CORRUPTION AND CRIME COMMISSION
(a) Yes
(i) The Commission has policy and procedures for asset disposal. The hard drives are physically removed and destroyed - either by incineration, mechanical crushing or shredding.
(ii) Not applicable
THE DEPARTMENT OF JUSTICE
(a) Yes.
(i) The Department of Justice disposes of Multi-Function Devices (MFD’s) in full, through the leasing vendor Ricoh. Ricoh comply with the Department of Finance Government Procurement Contract CUAWAS2016 Waste Disposal and Recycling Services Category E – ICT Equipment Disposal (e-Waste), to transition the MFD’s to a contractor for disposal. Software is not used to erase the MFD’s hard-drive. Data on the hard-drives is encrypted and cannot be read, thereby protecting the data from theft. As an added protection, all latent images are overwritten. MFD hard-drives undergo e-Waste disposal to ensure that they are physically destroyed and no data can be recovered.
(ii) N/A
EQUAL OPPORTUNITY COMMISSION
(i) No. Not applicable;
(ii) Erasing of data on the hard drive is conducted automatically. Encryption and overwriting is a standard feature on all Fuji Xerox devices. The hard drive is destroyed by default upon disposal/return of the multifunctional device to the supplier.
THE LEGAL PRACTICE BOARD INCLUDING THE LEGAL PROFESSION COMPLAINTS COMMITTEE (WHICH IS A COMMITTEE OF THE BOARD)
(i) – (ii) While we do not have a specific policy regarding erasing of hard-drives of photocopiers upon their disposal, hard-drives of photocopiers are erased by external contractors.
A new Information Security Policy is currently being developed that includes disposal of devices containing sensitive or confidential information.
LEGALAID WA
(i) No policies or procedures are in place for erasing the hard-drives of photocopiers upon their disposal from the agency
(ii) Hard drives on photocopiers are encrypted to prevent unauthorised access to information stored on the hard drive of the photocopier
OFFICE OF THE COMMISSIONER FOR CHILDREN AND YOUNG PEOPLE
(i) None.
(ii) No documents are saved to the photocopier hard drives.
OFFICE OF THE DIRECTOR OF PUBLIC PROSECUTIONS
(i) There is no written policy and procedure in place in regard to erasing hard-drives of photocopiers upon their disposal.
The ODPP disconnect the hard drive before sending the photocopier for disposal.
The ODPP destroys the hard drive in-house.
(ii) Given that the ODPP destroys its own hard drives, it does not require a written policy for their disposal.
OFFICE OF THE INFORMATION COMMISSIONER
(i) Yes. All hardware is erased before disposal. In 2015 the previous photocopier was removed by the successful tenderer as part of the purchase arrangement for the new photocopier and included removal and destruction of the hard drive. The software used is unknown
(ii) Not applicable.
SOLICITOR GENERALS OFFICE
(i) – (ii) The State Solicitor's Office supplies and maintains the photocopiers for the Solicitor General's Office. All policies or procedures are those of the State Solicitor's Office.
STATE SOLICITORS OFFICE
(i) Yes. Hard drives of Xerox photocopiers are re-set by Xerox technicians as a part of the decommissioning process using CentreWare Internet Services for Xerox devices. This process erases agency data while retaining the basic software on the hard drive.
(ii) N/A
(b) Please refer to Legislative Assembly Question on Notice 3209.
(c) Not applicable.
Explore WA Government Data
Search the full archive in the free dashboard, or query programmatically via API.
Explore more
Government Gazette
Appointments, regulatory notices, planning changes.
Hansard
Debates, questions, speeches and sentiment.
Tabled Papers
Reports and documents tabled in Parliament.
Committees
Committee profiles and recent reports.
Regulations
Subsidiary legislation with filters and summaries.
Bills
Proposed laws and parliamentary progress.
Acts
Current WA legislation and summaries.
Explanatory Memoranda
Bills with EMs (text/PDF) available.
Members
MP profiles, party breakdown and rankings.
Pollie Rankings
Data-driven rankings across 19 categories.
Amendment Chains
Track how schemes and regulations evolve over time.