Item - 2011.AU3.12

Tracking Status

  • City Council adopted this item on July 12, 2011 without amendments and without debate.
  • This item was considered by the Audit Committee on July 5, 2011 and adopted without amendment. It will be considered by City Council on July 12, 2011.

AU3.12 - Disposal of Digital Photocopiers - Protection of Sensitive and Confidential Data Needs Strengthening

Decision Type:
ACTION
Status:
Adopted on Consent
Wards:
All

City Council Decision

City Council on July 12, 13 and 14, 2011, adopted the following:

 

1.         City Council request the Deputy City Manager and Chief Financial Officer to assign responsibility for the oversight and protection of information stored on hard drives in digital photocopiers to the Chief Information Officer.

 

2.         City Council request the Chief Information Officer to develop a control framework to ensure the cost effective administration of protecting information stored on digital photocopiers.  Such framework should include, but not be limited to the following:

 

            a.         a clear definition of the roles and responsibilities of the Information and Technology Division and other City Divisions

 

            b.         expansion of the City’s procedures for disposing of surplus information technology equipment to include digital photocopiers

 

            c.         procedures for ensuring ongoing verification of removal of data stored on hard drives in digital photocopiers at the time of disposal.

Background Information (Committee)

(June 16, 2011) Staff Report - Disposal of Digital Photocopiers - Protection of Sensitive and Confidential Data Needs Strengthening
https://www.toronto.ca/legdocs/mmis/2011/au/bgrd/backgroundfile-39273.pdf
Appendix 1 to the Staff Report - Review of the Disposal of Digital Photocopiers - Protection of Sensitive and Confidential Data Needs Strengthening, Information and Technology Division
https://www.toronto.ca/legdocs/mmis/2011/au/bgrd/backgroundfile-39274.pdf
Appendix 2 to the Staff Report - Management's Response to the Auditor General's Review of Digital Photocopiers - Protection of Sensitive and Confidential Data Needs Strengthening, Information and Technology Division
https://www.toronto.ca/legdocs/mmis/2011/au/bgrd/backgroundfile-39275.pdf

AU3.12 - Disposal of Digital Photocopiers - Protection of Sensitive and Confidential Data Needs Strengthening

Decision Type:
ACTION
Status:
Adopted
Wards:
All

Committee Recommendations

The Audit Committee recommends that:

 

1.         City Council request the Deputy City Manager and Chief Financial Officer to assign responsibility for the oversight and protection of information stored on hard drives in digital photocopiers to the Chief Information Officer.

 

2.         City Council request the Chief Information Officer to develop a control framework to ensure the cost effective administration of protecting information stored on digital photocopiers.  Such framework should include, but not be limited to the following:

 

             a.        a clear definition of the roles and responsibilities of the Information and Technology Division and other City Divisions

 

            b.         expansion of the City’s procedures for disposing of surplus information technology equipment to include digital photocopiers

 

            c.         procedures for ensuring ongoing verification of removal of data stored on hard drives in digital photocopiers at the time of disposal.

Origin

(June 16, 2011) Report from the Auditor General

Summary

The Auditor General issued a report dated May 4, 2009 entitled “Review of Disposal of Surplus IT Equipment – Security, Environmental and Financial Risks.”

 

In general terms, this report addressed the controls over the disposal of computer equipment particularly in relation to the requirement to erase information on computer hard drives as part of the disposal process.  This report which was specifically related to computer equipment contained 5 recommendations which addressed improvements in the security, environmental and financial risk areas.

 

In 2011, it was brought to the attention of the Auditor General that similar risks may apply to the disposal of digital photocopiers.  As a result, it was determined that

a review focused specifically on an examination of safeguards in place to protect sensitive and confidential information stored on hard drives contained in digital photocopiers would be appropriate and added this project to the Auditor General’s 2011 Work Plan.

 

This report contains two recommendations along with a management response to each of the recommendations.  The implementation of these recommendations will improve the overall effectiveness of the City’s practices to prevent unauthorized access or disclosure of data stored on hard drives contained in digital photocopiers.

Background Information

(June 16, 2011) Staff Report - Disposal of Digital Photocopiers - Protection of Sensitive and Confidential Data Needs Strengthening
https://www.toronto.ca/legdocs/mmis/2011/au/bgrd/backgroundfile-39273.pdf
Appendix 1 to the Staff Report - Review of the Disposal of Digital Photocopiers - Protection of Sensitive and Confidential Data Needs Strengthening, Information and Technology Division
https://www.toronto.ca/legdocs/mmis/2011/au/bgrd/backgroundfile-39274.pdf
Appendix 2 to the Staff Report - Management's Response to the Auditor General's Review of Digital Photocopiers - Protection of Sensitive and Confidential Data Needs Strengthening, Information and Technology Division
https://www.toronto.ca/legdocs/mmis/2011/au/bgrd/backgroundfile-39275.pdf

Motions

Motion to Adopt Item moved by Councillor Mary-Margaret McMahon (Carried)
Source: Toronto City Clerk at www.toronto.ca/council