Our website uses cookies so we can analyse our site usage and give you the best experience. Click "Accept" if you’re happy with this, or click "More" for information about cookies on our site, how to opt out, and how to disable cookies altogether.

More Accept ×

We respect your Do Not Track preference.

Close ×

opc header logo

Print | Email this page

Privacy risks with portable storage devices : media release

5 August 2009

The Privacy Commissioner has recently released guidelines on the use of ‘portable storage devices' (PSDs) such as USB sticks, cell phones, iPods, PDAs (personal digital assistants), and smart phones in business and government.

'We surveyed government use of PSDs in May and found that their use was widespread. There were significant gaps in controls over PSDs at work. We want to raise awareness of the privacy risks associated with their use,' said Privacy Commissioner Marie Shroff.

'Because of their small size, PSDs can be easily lost, misplaced or stolen. Using them in the workplace presents potential security risks, particularly if the devices contain unsecured or sensitive data,' said Ms Shroff.

The guidelines will assist the government agencies that participated in the survey but will be equally useful for business and other private sector organisations.

View the guidelines.

 

ENDS

Note for Editors

Key findings from the survey

Some of the key findings are:
• Thirty-five out of the 37 agencies who responded to the survey make PSDs available to staff - most commonly USB sticks - with nearly two thirds of agencies also allowing staff to use their own.
• While 75% of agencies say they have documented policies to restrict or control the use of PSDs, less than half of agencies surveyed have procedures for disposing of obsolete PSDs or for the deletion of data from PSDs.
• Seventy percent of agencies surveyed have procedures to report the loss or theft of a PSD.
• Ten percent of the agencies who responded do not have any hardware, software, or policy control on the use of PSDs. Some agencies have recognised they have weak controls on the use of PSDs and are taking steps to introduce tighter controls.
• Agencies that primarily hold classified or sensitive information have significantly tighter controls over the use of PSDs than other agencies. This was not a particular surprise. However, it is worrying that agencies that hold the largest amounts of personal information had fewer controls. It appears that personal information is not being accorded the same care as information that is 'classified' or 'sensitive' information.

View the full results of the survey.

For further information contact: Annabel Fordham 021 509 735 or 04 474 7598

Back to top