Our website uses cookies to give you the best experience and for us to analyse our site usage. If you continue to use our site, we will take it you are OK about this. Click on More for information about the cookies on our site and what you can do to opt out.

We respect your Do Not Track preference.

Breach Case 5: Taking client files offsite Neil Sanson
4 August 2017

weka edit

You keep your home safe, don’t you? So there should be no problem taking some work notes home, rather than travel the extra distance to drop them off at the office at the end of the day; or to have to pick them up in the morning at the office. You are saving time and avoiding unnecessary travel. But homes do get burgled, thousands in any month.

We were alerted to a house burglary incident, where offenders took a laptop and a backpack. It may have been an opportunistic grab for items which could be taken quickly and sold on the second hand market.

Fortunately, the laptop was password protected which offered some protection. In this case, all the data was stored in a cloud service and not on the laptop, so the risk of personal information being found on the laptop was low.

But the other item taken - the backpack - contained a paper file about an eight-year-old child.

The social service organisation the file came from had a policy of all records being scanned and any hardcopies being locked up. This breach happened because the workplace policy was not adhered to.

Your organisation should have a policy covering how to keep personal information safe. We have published guidance for people who have to take personal information out of the office: “Health on the Road”.

If you are going to take confidential personal information home, you need to ensure it is kept safe. This will mean taking extra steps in addition to the normal measures you use to secure your home. This obligation comes because you are being trusted with the responsibility of looking after another person’s information.

We regularly get data breach notifications and this year we will be sharing the lessons learned from these more regularly. If you want to know more about data breaches, please check out our data safety toolkit.

Image credit: Weka via Department of Conservation


, ,



No one has commented on this page yet.

Post your comment

The aim of the Office of Privacy Commissioner’s blog is to provide a space for people to interact with the content posted. We reserve the right to moderate all comments. We will not publish any content that is abusive, defamatory or is obviously commercial. We ask for your email address so that we can contact you if necessary to clarify your comment. Please be respectful of authors and others leaving comments.