As a Print Service Provider keeping the data that you process secure, on behalf of your customers, has always been top of your priority list. With a customer base consisting of banks, insurance companies, utilities and telcos, the documents that you print and mail often contain sensitive and confidential information – and data breaches containing data of this nature have never been good for business.
Up until 2018 if data security was compromised by a data processor, such as a print service provider, data protection legislation held them liable only for ‘failure to comply with their contractual obligations to the data controller’ – the data controller being your customer in this instance. But when the EU’s new General Data Protection Regulations (GDPR) came in to effect in May last year, it opened up the data processors themselves to direct action from both the regulators and the data subjects themselves. In simple terms, if your customer’s data was compromised you could also be liable for a fine of up to $26m or 4% of worldwide income under GDPR.
With the exchange of data and documents between you and your customer, being a fundamental component of your business, robust and practical solutions are required to ensure not only the security of any sensitive data, both at rest and in transit, but that your day to day print operation continues unhindered. Almost 18 months on from the implementation of GDPR we thought that it might be timely to review two solutions that deliver on these requirements, to remind you of the value that they bring to a production environment such as yours.
At the heart of redaction is a simple concept – limit the exposure, limit the risk. It’s a sound proposition, as not every recipient of a document needs to know or view the sensitive or confidential information contained within it. But how is this achieved in practice? Historically with printed documents, redaction meant simply placing a black mark or box over the personal data to obscure it from the viewer. Today however in our digital world, black boxes are not enough, since in most cases the confidential information still exists within the document even if visually concealed. Sophisticated redaction software however does enable sensitive text to be removed completely from digital communications or scrambles it to achieve the same outcome.
For print service providers the benefit of redaction software in clear. Not only does it provide an additional layer of data security but it keeps content in place with the appropriate spacing and character size, ensuring that envelopes, inserting equipment and sorting machines will continue to run as intended.
Many service providers also find this to be useful in getting a more accurate assessment of ink usage when testing before final output – either in a live production environment, or when looking at new equipment.
Document Level Encryption
Another comprehensive data protection solution is to encrypt all files containing customer data at the document or page level. Document level encryption removes a number of the risks currently associated with file level encryption. When data is contained in multiple documents it can be exposed to misuse once the file itself has been ‘unlocked’. With document level encryption however, when there is a need to view, edit, process or transfer a file containing multiple documents, only the relevant pages for the specific required document within it are decrypted and only by the intended recipient who holds the appropriate key.
Document level encryption is an ideal way to secure files and protect sensitive data in transit improving security for the data controller and data processor alike. Powerful solutions that lockdown data in this way, during the exchange of documents between customer and print service provider can help both parties achieve compliance not only with GDPR but a number of other industry regulations too, such as PCI and HIPAA.