- Advice Summaries
- Case Notes
- Codes of Conduct
- Compliance Notes
- Fact Sheets
Media Release: Privacy Commissioner urges Government agencies: Protect data on USBs & PDAs
08 May 2009
Research commissioned by the Office of the Privacy Commissioner has shown that, while most Australian Government agencies have policies regarding the transfer of personal information, not all have appropriate controls covering the use of portable storage devices (PSDs) for the handling of personal information.
"I am pleased that three-quarters of Australian Government agencies have policies covering the transfer of records containing personal information. However, there is definitely room for agencies to improve their safeguards governing the use by staff of portable storage devices containing personal information, such as USBs, PDAs, CDs, and DVDs," said Karen Curtis, the Australian Privacy Commissioner.
The research findings were released today by Senator the Hon John Faulkner, Special Minister of State and Cabinet Secretary, at a forum for senior public servants. Conducted by Orima Research on behalf of the Office of the Privacy Commissioner during March and April, the research involved a survey of 94 federal Government agencies.
At the forum, Ms Curtis said that the research would help her Office to assess privacy risks associated with PSDs given their growing use by Government and reports of data breaches around the world.
"My Office is particularly concerned given recent incidents in the UK where the loss of PSDs by government agencies has led to a serious threat to people's personal information," Ms Curtis said.
The Office of the Privacy Commissioner has also developed an information sheet to help agencies better manage PSDs, which was also released by Senator Faulkner at the forum.
Key findings from the research include:
- 75% of agencies have policies covering the secure transfer of records to external parties, and 69% have policies for staff temporarily working away from the office.
- 81% have policies covering uses of agency-issued PSDs.
- 55% have policies covering uses of privately owned PSDs.
- Most agencies have controls to manage agency-issued PSDs, such as keeping a PSD register (97%), requiring signed user agreements from staff (63%), using minimum encryption standards (56%) and providing staff training (63%).
- 58% have experienced the loss or theft of an agency-issued PSD within the past 12 months.
- 76% allow the use of private PSDs in the workplace, with agencies more likely to use software controls (54%) than hardware controls (16%) to manage and/or restrict their use.
The research report can be viewed at: http://www.privacy.gov.au/materials/types/download/9292/6866. The information sheet can be viewed at: http://www.privacy.gov.au/materials/types/infosheets/view/6867.