Set privacy options

PaperCut NG/MF tracks print activity by default because most organizations need it to manage printing effectively. But privacy matters too! If your organization needs more privacy for users, you can adjust the settings to strike the right balance. For example, you can:

Manage the Print Archiving feature.
Omit document names from the Job Log
Remove document information from the Job Log
Anonymize print jobs

Find these settings at Options > General.

Why privacy settings matter

Privacy is essential for many organizations. Here are some common scenarios:

Schools: Protecting student privacy when printing assignments or report cards.
Hospitals: Ensuring HIPAA compliance for medical documents.
Businesses: Keeping sensitive contracts or financial records confidential.

You can customize privacy settings to meet your needs, whether you’re prioritizing data privacy, user confidentiality, or compliance with standards like GDPR or HIPAA.

Set the privacy options

Click Options. The General tab is displayed.
In the Privacy Options area, select any of the following options as required:
- Omit document names from the Job Log—Select this option if you do not want to include the document name of print jobs in the logs. Document names can include identifying information about a user or the nature of their print job.
- Remove document information from the Job Log after—Select this option if you want document-identifying data elements of jobs that are older than a set time period (default: 6 months) to be permanently removed (redacted) from the Job Logs page. If selected and configured, this is included in the daily scheduled maintenance routine. The document-identifying data elements that are impacted by this include:
  - date – (optional) the time stamp in the job date is changed to 11:00:00 AM.
    
    Note
    
    To change the job time stamp to 11am, set the job.privacy.redact-timestamp.enabled config key to Y. For more information about editing config keys, see .
  - print archives – thumbnail previews are no longer displayed and cannot be clicked to view the document or to download the spool file.
  - document name – are displayed as being redacted by the system, with the redact time stamp, instead of the actual name of the document.
  - job size – the size of the job is displayed as 0KB.
  - client machine – the machine from which the job was printed is displayed as being redacted by the system.
  - comments – comments that have been added to the log are no longer displayed.
  - watermarking signature – digital signatures that have been applied using watermarking are displayed as being redacted by the system, with the redact time stamp, instead of the actual document name.
  For more information on redacting other document-identifying data elements using server commands, see Server commands (server-command)
  
  Note
  
  All departmental, group, and personal reports will still reflect the relevant printer usage.
- Anonymize jobs (don’t link jobs with users)—Select this option to delete any links in the database between a user and a print job after a print job has been processed.
  
  This anonymization is achieved by re-assigning the job to a different, specified user once the job has completed. The default and recommended approach is to assign jobs to a user called anonymous. If this user does not exist at the time the feature is enabled then a new internal (non-domain) user with the configured name is created (this user has no password, so cannot be used to log in).
  
  Viewing the Job Log for this anonymous user shows all jobs in the system. The transactions (charging) for jobs are still applied to the original user, however, so that features such as print quotas continue to work as expected. Transaction times and job log times could be cross-referenced to potentially determine a link, as they will be close together in time. If this is a concern, then use the options at Options > Backups > Automatic Backups to delete transaction logs older than a given age.
  
  Selecting this option means that any functionality requiring a link between a user and a job (once the job has completed) is no longer available. This includes user-based reporting and job refunds. It is recommended that this option is only enabled if strictly required.
Click Apply.

More ways to manage user data

Beyond the privacy options described above, PaperCut NG/MF offer several other means to ensure user privacy depending on the needs of your organization or industry. This wouldn’t be a complete article without mentioning those options.

Remember to always back up your PaperCut database before performing permanent actions.

Clear historical data. Delete old print job logs and transactions. See: Partially Clearing Out The Log Data .
Redact user data. For organizations in the EU, redacting user data can be essential to comply with GDPR requirements. If you need to permanently remove user data, PaperCut offers a built-in server command to permanently redact it. See: General Data Protection Regulation (GDPR)
Manage Administrator Access. PaperCut offers fine-grained controls to managed administrator’s access to view users’ archived print jobs and job history. See: Assign administrator level access .