The Federal Deposit Insurance Corp. issued guidance Wednesday cautioning banks supervised by the agency about sensitive customer data stored on photocopiers and other office products.
The FDIC said many copies, fax machines and printers leased from third parties are capable of storing information from loan applications and other documents on built-in hard drives and other types of memory, increasing the risk that data will fall into the wrong hands.
The guidance instructed institutions to implement policies ensuring such data is "erased, encrypted or destroyed" from drives before an office machine is returned to a leasing company or sold to another party.
"If the institution chooses to erase or encrypt the hard drive, the method used should be sufficiently robust to render the information on the disk unrecoverable," the FDIC said. "Examiners may ask to review such policies and procedures and verify that they have been effectively implemented."