Poor USB control threatens government data
LATEST NEWS
- Video will drive UFB uptake, but NZ lacks content choices: ComCom || 1
- TelstraClear's half-year revenue drops by 4 percent, but telco posts $1m profit
- Peter Finch leaves CIO post at Gen-i || 1
- 2degrees announces 875,656 customers
- NZ Fauna app fills 'crazy' lack of animal info || 4
- Megaupload interest a mixed blessing for Pirate Party || 2
SUBSCRIBE
Computerworld is New Zealand's only specialised information systems fortnightly. Subscribe now for $100 (23 issues) and save more than 37% off the cover price!
SIGN UP
Some flagship departments holding personal data have poorest practices
By Randal Jackson | Wellington | Tuesday, 5 May, 2009
A survey of 42 government agencies shows that many risk accidentally disclosing sensitive personal information because of poor controls on staff use of portable storage devices (PSDs) such as USB memory sticks.
The survey, undertaken by the Office of the Privacy Commissioner, shows PSDs are widely used but that there are real gaps in security procedures and practices.
Thirty-five out of the 37 agencies (95%) that responded to the survey made PSDs available to staff — most commonly USB sticks. Nearly two-thirds of agencies also allowed staff to use their own personal PSDs for work purposes.
Just nine agencies made PSD encryption mandatory, while 43% did not provide encryption solutions of any sort. Sixty-two percent kept a PSD register but only 22% said they would be able to track transfers of data to PSDs.
“PSDs are small, lightweight and easy to use, and can store vast amounts of information, but are easily misplaced or stolen,” says Privacy Commissioner Marie Shroff.
“The use of PSDs in the workplace — both public and private sector — presents potential security risks, particularly if the devices contain unsecured or sensitive data.
“If you are using your own personal PSD for work, then you are more likely to accidentally take that corporate information with you when you change jobs. Government agencies have a responsibility to try to prevent that sort of thing,” Shroff says.
“Though the survey found that 75% of the government agencies that responded reported they had policies to restrict or control the use of PSDs, we are not yet confident that those policies are of a good standard or are well-known by staff.”
Only half of the policies included details about how to delete content.
“It is particularly concerning that some of the agencies with poorer practices are flagship departments that hold the personal details of thousands of ordinary New Zealanders,” Shroff says.
MOST POPULAR
Social Media @Computerworld NZ
Computerworld NZ has now reached LinkedIn! Join to expand your networks and meet others interested in information systems.
