Agencies that enforce laws such as the Computer Fraud and Abuse Act or privacy and consumer protection laws like FINRA, FERPA, and HIPAA are taking a close look at mobile printing compliance issues.
Many compliance audits now include a section on printing, leaving organizations that are otherwise meeting compliance standards vulnerable because of employee-owned devices with unsecured mobile printing applications. Mobile printing compliance should be built into a mobile printing solution, and on-device encryption for sensitive data is a critical part of mobile compliance.
When IT departments first started thinking about mobile printing several years ago, only companies in some highly regulated industries such as healthcare, financial services, banking and pharmaceuticals had to add compliance to the list of potential mobile printing problems.
That changed in 2011, when the U.S. Eighth Circuit Court of Appeals ruled that any device with storage and processing capabilities could be considered a computer under the Computer Fraud and Abuse Act (18 USC §1030), or CFA. In 2012, in United States v. Kramer, the Fourth Circuit Court specifically named printers and mobile devices like watches, smartphones and MP3 players as being subject to the CFA.
As a result, compliance audits involving FINRA, FERPA, HIPAA, MIPPA, NAIC, PCI and other federal and state agencies are focusing more closely on mobile device security. Since it is clear that mobile devices are covered under the CFA, securing those devices has taken on a new urgency for businesses, schools, hospitals, and other organizations subject to regulatory oversight.
There is no consistent standard for mobile printing compliance. The rules vary depending on what kind of business you work in. But in general, the new rules mean that the security standards for mobile devices and printers are the same as those for any other “computer”.
In a compliance audit, you may be asked to show that:
- Data stored on these devices can be remotely wiped in the event of a data breach
- Data is encrypted both “in transit” and “at rest”
- Access to data stored on these devices – temporarily or permanently – is restricted and monitored, with accessible logs
- You have secured the data on these devices with “appropriate measures” that meet industry standards
If those rules seem general and not completely clear, it’s because they are still evolving. In general, most compliance experts advise businesses to:
- Ensure that software and systems are updated regularly, including installing any recommended patches
- Remediate identified vulnerabilities
- Encrypt data whenever possible
- Establish data surveillance and IT alert policies
Breezy is the only mobile print provider that ensures compliance by securing data on any mobile device – iPhone, iPad, Android tablet or smartphone, or BlackBerry device – with military-grade encryption before transferring the encrypted files safely via SSL to any approved printer or print network. In addition, Breezy has integrated with seven of the top mobile security platforms.