News

A man walks into a copy shop... It's not some in-joke for the print industry, it's the daunting decision facing every worker in a high street copy shop when a customer hands them some work.

Most recently, this was splashed across the media when the wife of Mike Coughlan, Formula 1 team McLaren's now-suspended chief designer, popped into a Surrey shop with nearly 800 pages of technical documents belonging to Ferrari under her arm.

And then, according to reports, asked for the dossier to be scanned to a disc.

A copy shop employee noticed the highly sensitive nature of the information and tipped off Ferrari, a move that kicked off an international furore, leaving McLaren's reputation battered, its constructor's championship points squashed and landed it a £49.2m fine from governing body FIA.

Ferrari praised the copy shop worker after the team took first and second place at last weekend's Belgian Grand Prix.

However, according to Moorcrofts Corporate Law LLP partner Andrew Katz, that worker was treading a thin legal line in his actions.

"There's no general obligation for a member of the public to tip off," he told printweek.com.

He said that in the case of copy shops, "there's a pretty strong presumption of the right to reproduce", and that any terms and conditions applied to their customers "don't have to be signed to be effective... there are very few contracts that have to be in writing".

But he added that in tipping off someone about an act of copying, "you are releasing confidential and/or personal data about the client" and that this would "breach the Data Protection Act (in the case of personal data) or the law of confidentiality", potentially giving the Coughlans a legal case against the worker.

He said that while these rules "collapse when reporting a crime", it's a big ask for someone to make such a judgement call. "In the context of a copy shop, unlawful copying is only criminal if done for commercial purposes," he said.

"And private copying, although it may be a civil infringement, isn't a crime if the copies aren't made available to the public."

Katz added that the situation can get even more delicate for copy shops if the copying done on their premises is part of a crime.

"There's a lot of legal commentary dealing with the extent to which 'turning a blind eye' won't let you off the hook, so that's not advisable to do, but, on the other hand, the more questions the copy shop asks, the more likely they are to have information that could implicate them in a possible crime."

He suggested the safest position for a copy shop is where the customer does their own copying.

But printers don't get to ask their customers to do the printing for them. And with the rise of personalised direct mail, and data from myriad sources pouring in from web-to-print operations, they too have to pick their way through a legal minefield.

The Industry Measure senior analyst Heidi Tolliver-Nigro told printweek.com: "The issue of direct mail and security is an interesting one. For one-to-one printing, it is an issue because customers' very personal information, such as spending habits, financial portfolios, and so on, is being used to generate these pieces.

"Either one-to-one print providers must have very strict security to protect their customers' data (by having secure locations with restricted access and other security measures) or the customer hangs onto the data and only sends out the print-ready files."

Tolliver-Nigro added: "The issue of web-to-print and document pre-printing or pre- anything else is not a printing industry issue – it's a document management issue. It really ought to be a printing industry issue.

"Although the printing industry ought to be conversant in these issues, it isn't, and it's a reflection of the myopia that is plaguing it (and limiting it)."

For Mark Buckingham, general manager of TPF's direct and transactional mail division, the issue is taken seriously. He said that as well as being a paid-up member under the Data Publishing Association, the premises operates swipe in/swipe out access, secure ftp (file transfer protocol) sites and daily backups and integrity checks of all data the division handles.

"The data is kept by us and controlled by us, although we don't own it," he told printweek.com. "But there's no way the data can escape."

For businesses, the Formula 1 saga raises issues about how such sensitive information was ever allowed out of Ferrari's hands in the first place.

Security firm Sophos senior technology consultant Graham Cluley said: "Although IT teams are always underlining the importance of securing electronic data from the threats of spyware and hackers, it's actually just as important not to disregard the other ways data can leak.

"Employees and temporary workers may be able to sneak out print-outs of confidential data in their briefcases, or grab important documents before they make their way to the shredder."

But while there are plenty of technologies available to stop ne'er-do-wells from creating counterfeit documents, protecting the information on them is trickier.

Curtis Fine Papers technical sales director Ken Thom said that nobody has yet developed a paper that disables the photocopying process – such as producing copies that are blank or blacked out.

There may not be failsafe ways of preventing them getting into the wrong hands, but you can stop them being printed by the wrong people.

Ricoh UK and Ireland director of marketing Chas Moloney agreed. "It appears that attitudes towards the security of hard-copy documentation could well be lagging.

"The ability to restrict the output of potentially sensitive information, through features such as copy protection and rights-based access to printing, is readily available and it's in the interests of senior management to ensure that such weaknesses are addressed.

"If, as reports suggest, an act of industrial espionage can occur in the high-tech world of Formula 1, other businesses should take heed of the risk."

But while there may not be failsafe ways of preventing them getting into the wrong hands, you can stop them being printed by the wrong people.

Security firm Sophos senior technology consultant Graham Cluley said: "Although IT teams are always underlining the importance of securing electronic data from the threats of spyware and hackers, it's actually just as important not to disregard the other ways data can leak.

"Employees and temporary workers may be able to sneak out print-outs of confidential data in their briefcases, or grab important documents before they make their way to the shredder."