iPods, USB drives are 'security risks'
Relevant offers
Gadgets
Security is threatened at more than 20 government agencies that allow staff to use their own iPods, flash drives and other devices, the privacy commissioner says.
Marie Shroff said two thirds of 37 agencies surveyed allowed staff to use portable storage devices (PSDs) that put confidential or personal information at risk.
PSDs such as USB sticks, iPods, iPhones, Blackberrys and cellphones could store and transfer large volumes of information. They could easily be lost or stolen, exposing organisations to risks of major data breaches, she said.
The devices could be "potentially major security risks" if they contained unsecured sensitive data.
In May, the commission surveyed government use of PSDs including police and defence forces, ministries, State Services and Crown Law and found "real gaps in procedure and practice".
Of the 37 agencies, 95 per cent made PSDs available to staff and three-quarters had policies to control their use. But less than half had procedures for deleting data and just nine agencies made encryption mandatory.
Sixty-two per cent kept a PSD register but only 22 per cent would be able to track transfers of data.
Ms Shroff said agencies holding classified or sensitive information had tighter controls over the use of PSDs than other agencies.
"However, it is worrying that agencies that hold the largest amounts of personal information had fewer controls."
The commission recommended that agencies should have a policy on PSD use. They should also make staff aware of the need to report losses or theft, and how to delete data.
Encryption should be used for all PSDs likely to store personal information, and strict limits on personal PSDs should be enforced.
"We want to get it right before we get it wrong," Ms Shroff said.
A police spokesman said police were considering the recommendations. Police had a policy on "moveable storage media", data they could contain and how it should be destroyed.
State Services Commission spokesman Jason Ryan said the commission had no specific policy on PSD use, as it had an information and communication policy. Staff could not connect PSDs without permission.
- © Fairfax NZ News
Sponsored links
NZ police access Facebook evidence
Facebook can alienate people further - study
Brazil files injunction against Twitter
Review: Catherine for Xbox 360
Top selling games in New Zealand
Apple factory hacked amid global activist stunt
Megaupload co-accused speaks out
Direct-to-fans sport still 'years away'
The Artist dog wins 'spokesdog' role
Kiwi game industry worth more than $179.6m
Prison officers 'turned into mules'
Ethnic rights advice stuns communities
Rugby joy short-lived, nation pessimistic
Dotcom accused van der Kolk 'flabbergasted'
Roll on 2050 - New Zealand economy to rise
Suarez a 'disgrace to Liverpool' in loss to United
Police arrest five at Murdoch's Sun newspaper
Oceania, Fifa roles end in disgrace as facts emerge
Cameron-Barrett to headline Heavyweight Explosion
Gardener's paradise planned for Chch
Danny Lee drops back to pack at Pebble Beach
Obama tries to defuse birth control fight
Police recapture Madonna stalker
Tension high as lethal log pile cleared
Ethnic rights advice stuns communities
Police name Hawke's Bay crash victim
Roll on 2050 - New Zealand economy to rise
Vatuvei magic gives Warriors win over Souths
Black Caps overcome spirited Zimbabwe in T20
'Trail blazer' Carmen farewelled in Auckland
Dotcom accused van der Kolk 'flabbergasted'
Deep south beats rest of nation in jobless
Farmer faces wait over 'useless' land
Stadium firm also designed CTV
At what age is it OK for children to have a smartphone?
