If you print your own ID cards, membership cards or other plastic cards in-house, be careful you don’t put yourself at risk of a data breach without realising it
GDPR brings in far stricter rules around the use, storage and sharing of personal data, or ‘personally identifiable information’. This is any information relating to an individual: anything from a name, home address, photo, and even a computer’s IP address.
If you print your own ID cards or membership cards, have you considered the personal details left behind on the ribbon?
One of the key points of GDPR is the need to process information in
- a manner that ensures its security, and
- the obligation to implement measures that build data protection into your data processing activities.
If you use a direct-to-card plastic card printer, you might not realise that all of the personal information for each card remains on the printer ribbon after its printed.
The way that printer ribbons work is that they literally ‘spool’ along the length of the ribbon each time you print a card. They print the personal details required from one section of the ribbon, then wind onto the next section, leaving a record behind of the card that’s just been printed.
Which means anyone picking up the used ribbon after its been discarded would be able to retrieve all the information of your card holders.
Make sure you have a plan in place to ensure the information on your card printer ribbon is deleted effectively.
There are a few ways to do this:
- Pull out the used printer ribbon and manually shred it
If you choose to go this way, make it part of the printing process, with an audit trail to follow. Capture the name of the person shredding it, and the date. GDPR requires you to maintain records of your processing activities and show they have been followed.
If you currently use a company to recycle your other office waste, they may also be able to recycle your printer ribbons and provide you with a certificate to confirm it has been shredded securely.
- Choose a Plastic Card Printer that ‘scrambles’ the printer ribbon automatically for data protection
There are a small number of plastic card printers on the market with a ribbon scramble feature built-in, which makes all information contained on it unreadable.
The HID Fargo DTC 1500 is one of Fargo’s newest and most advanced Direct-to-card printers. It comes with a number of new built-in security features such as their unique resin scramble data protection feature. This provides an additional layer of security by hiding any information printed with a resin panel, rendering the panel unreadable.
The DTC 1500 also comes with a custom overlay watermark facility as standard and is equipped with standard password protection and AES 256 data encryption for additional peace of mind.
It’s a bit more expensive that most printers aimed at small-medium businesses, but you get what you pay for. If data security is right at the top of your organisation’s agenda, you might want to consider it.
You can find out more information here
- Do away with the ribbon altogether
Another way to get around the problem – or rather not cause it in the first place – is to use rewritable cards.
Rewritable cards don’t need ribbons to print. Instead they use thermal imaging and heat from the card printer to ‘transfer’ the required detail onto the card. They then use the same thermal imaging to erase the information on the card when you’re finished with it, ready for the next time.
In fact, you can erase and reprint the same card up to 500 times.
This makes rewritable cards ideal for temporary use, for example as temporary ID cards for visitors or for workers on short-term contracts – but not for anything you need to last for any length of time.
The downside is that you don’t get a brilliant quality of print with rewritable cards or any real durability, and they only ‘print’ in one colour, generally black or blue.
Also, the cards are expensive – instead of around £7 for 100, you’re looking at over £80 for 100. However you will see that investment back given you can use them time and time again.
And let’s not forget that you need a plastic card printer with rewritable technology in the first place – this is by no means standard in all models.
All Magicard printers come with rewritable technology included as standard, even the most basic level entry printer, the Pronto, which you can snap up for around £500.
Get it wrong and there are serious penalties, particularly for organisations that experience data breaches.
Get the latest information on GDPR from the ICO