AM Exclusive Technicity Newsletter Issue 5 | Page 2

DO YOU NEED A
SECURE PULL-PRINT
SOLUTION TO
COMPLY WITH
UPDATES TO NEW YORK
STATE’S SHIELD ACT?
B
eginning on March 21,
2020, all businesses must
comply with the data
security requirements in
the new amendments to
New York State’s SHIELD Act, and
for some organizations, this may have
implications for printers and copiers.
The changes to the law expand the
types of “private” information that
must be protected. If anyone in your
company is printing such data to a
shared printer, it can be an issue. The
“private” information that must be
protected is the following:
(i) personal information in
combination with any one or more of
the following data elements that were
not encrypted, or was encrypted with
an encryption key but was accessed or
acquired:
- social security number;
- driver’s license number or non-
driver ID card;
- account number, credit or debit
card number in combination with
any required security code, access
code, password or other information
that would permit access to an
individual’s financial account; or
- biometric information such as
a fingerprint, voiceprint, retina
or iris image, or other unique
physical representation or digital
representation of biometric data
used to authenticate or ascertain
the individual’s identity.
(ii) a user name or e-mail address
in combination with a password or
security question and answer that
would permit access to an online
account; or
(iii) any unsecured protected health
information held by a “covered entity”
as defined in the Health Insurance
Portability and Accountability Act of
1996 (HIPAA). Id. 899-aa(1)(b)
This is in addition to the “personal”
information that was already
protected under the law:
“any information
concerning a natural
person which, because of
name, number, personal
mark, or other identifier,
can be used to identify
such natural person … .”
The update to the law also further
defines what it means to be compliant
with the law in protecting the
aforementioned information. One
such facet is that an organization
“implements a data program that has
reasonable physical safeguards such as…
protects against unauthorized access
to or use of private information during
or after the collection, transportation,
and destruction or disposal of the
information.”
If employees are printing pages with
“private” or “personal” information to
shared printers, it is very likely that:
a) someone with unauthorized
access can accidentally pick up the
job; or even more likely
b) it can accidentally not be
disposed of correctly if it is lumped
together with all other unclaimed
print jobs.
And even if employees that print the
sensitive information have their own
printers, if they have access to shared
printers as well, they can accidentally
expose this data by choosing the
wrong machine to print to.
This risk can be abated by
implementing a secure pull-print
solution such as Papercut or HP
Access Control in your organization.
These solutions enable the printers
and copiers to be set up so that end-
users print to a central queue, and
their jobs do not print out until they
identify themselves at the machine
(this can be done by swiping a badge
or by typing in a PIN).
We have experience with and
are Authorized Resellers of both
programs, and we can consult you on
the most cost-effective path for your
organization and your existing fleet of
printers and copiers.
For more information, visit
amexclusive.com/secure-pull-
printing.