{"id":16176,"date":"2026-03-31T10:24:06","date_gmt":"2026-03-30T21:24:06","guid":{"rendered":"https:\/\/kinetics.co.nz\/?p=16176"},"modified":"2026-03-31T10:24:06","modified_gmt":"2026-03-30T21:24:06","slug":"could-you-get-into-trouble-with-the-law-if-you-lose-a-usb-stick","status":"publish","type":"post","link":"https:\/\/new.kinetics.co.nz\/?p=16176","title":{"rendered":"Could you get into trouble with the law if you lose a USB stick?"},"content":{"rendered":"\n[et_pb_section fb_built=”1″ theme_builder_area=”post_content” _builder_version=”4.27.6″ _module_preset=”default”][et_pb_row _builder_version=”4.27.6″ _module_preset=”default” theme_builder_area=”post_content”][et_pb_column _builder_version=”4.27.6″ _module_preset=”default” type=”4_4″ theme_builder_area=”post_content”][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” theme_builder_area=”post_content” hover_enabled=”0″ sticky_enabled=”0″]

 <\/p>\n

\n

A lost USB stick can be a notifiable privacy breach.<\/h2>\n

Here\u2019s why that matters<\/h3>\n
It sounds old school, but USB sticks are still floating around plenty of NZ businesses.\u00a0 A recent draft decision note from the Office of the Privacy Commissioner<\/strong> is a timely reminder that losing one isn\u2019t just inconvenient.\u00a0 It can cross the line into a notifiable privacy breach<\/em>.<\/div>\n<\/div>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.27.6″ _module_preset=”default” theme_builder_area=”post_content” column_structure=”1_2,1_2″][et_pb_column _builder_version=”4.27.6″ _module_preset=”default” type=”1_2″ theme_builder_area=”post_content”][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” theme_builder_area=”post_content” hover_enabled=”0″ sticky_enabled=”0″]

Why a lost USB can be a big problem<\/span><\/h3>\n
\n
In the decision note, the Privacy Commissioner considered a situation where a USB stick containing personal information was lost and never recovered.<\/div>\n
<\/div>\n
Because the organisation couldn\u2019t be confident the data was protected or inaccessible<\/strong>, the loss created a real risk of harm to the people involved. That\u2019s what tipped it into notifiable breach<\/em> territory.<\/div>\n
<\/strong><\/div>\n
If personal information goes missing and you can\u2019t rule out misuse, you may have an obligation to notify both the Privacy Commissioner and affected individuals.<\/strong><\/div>\n<\/div>[\/et_pb_text][\/et_pb_column][et_pb_column _builder_version="4.27.6" _module_preset="default" type="1_2" theme_builder_area="post_content"][et_pb_image src="https:\/\/new.kinetics.co.nz\/wp-content\/uploads\/2026\/03\/RobotDropsUSB400.png" _builder_version="4.27.6" _module_preset="default" theme_builder_area="post_content" title_text="RobotDropsUSB400" border_radii="on|10px|10px|10px|10px" border_color_all="#222222" border_width_all="1px" box_shadow_style="preset1" hover_enabled="0" sticky_enabled="0"][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version="4.27.6" _module_preset="default" theme_builder_area="post_content" column_structure="1_2,1_2"][et_pb_column _builder_version="4.27.6" _module_preset="default" type="1_2" theme_builder_area="post_content"][et_pb_text _builder_version="4.27.6" _module_preset="default" theme_builder_area="post_content" hover_enabled="0" sticky_enabled="0"]
\n

It\u2019s not about the USB \u2014 it\u2019s about risk<\/h3>\n
This isn\u2019t a story about outdated tech. It\u2019s about risk management<\/strong>.<\/div>\n
When regulators assess a breach, they look at things like:<\/div>\n
    \n
  • What type of personal information was involved<\/li>\n
  • Whether it was encrypted or otherwise protected<\/li>\n
  • Who could realistically access it<\/li>\n
  • Whether the organisation could contain or recover the data<\/li>\n<\/ul>\n
    If the answers aren\u2019t clear, the risk goes up.<\/div>\n<\/div>[\/et_pb_text][\/et_pb_column][et_pb_column _builder_version=”4.27.6″ _module_preset=”default” type=”1_2″ theme_builder_area=”post_content”][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” theme_builder_area=”post_content” hover_enabled=”0″ sticky_enabled=”0″]
    \n

    What this means for NZ businesses<\/span><\/h3>\n
    For many organisations, the biggest exposure isn\u2019t hackers.\u00a0 It\u2019s everyday behaviour and legacy practices that haven\u2019t been revisited in years.<\/div>\n
    Think:<\/div>\n
      \n
    • Data copied \u201cjust in case\u201d<\/li>\n
    • Files taken home to finish work<\/li>\n
    • Portable storage with no encryption<\/li>\n
    • No clear policy on what\u2019s allowed (or not)<\/li>\n<\/ul>\n<\/div>\n

       <\/p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=”4.27.6″ _module_preset=”default” theme_builder_area=”post_content”][et_pb_column _builder_version=”4.27.6″ _module_preset=”default” type=”4_4″ theme_builder_area=”post_content”][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” theme_builder_area=”post_content” hover_enabled=”0″ sticky_enabled=”0″]

      \n

      Practical steps to reduce your risk<\/span><\/h3>\n
      You don\u2019t need to ban productivity to improve privacy. A business\u2011first IT approach helps you protect data and<\/em> keep work flowing.<\/div>\n
      A few good starting points:<\/div>\n
        \n
      • Reduce reliance on portable storage<\/strong> by using secure cloud platforms<\/li>\n
      • Encrypt anything that leaves your environment<\/strong><\/li>\n
      • Set clear policies<\/strong> around personal data handling<\/li>\n
      • Train staff<\/strong> on what to do (and what not to do)<\/li>\n
      • Review how incidents are detected and reported<\/strong><\/li>\n<\/ul>\n
        This is proactive IT \u2014 identifying issues early, before they become problems.<\/div>\n<\/div>\n

         <\/p>[\/et_pb_text][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” theme_builder_area=”post_content” hover_enabled=”0″ sticky_enabled=”0″]

        \n

        Making IT simple \u2014 and safer<\/span><\/h3>\n
        Privacy compliance isn\u2019t about ticking boxes. It\u2019s about protecting people, trust, and your reputation.\u00a0\u00a0If you\u2019re unsure how personal data moves through your business, or whether your current setup would stand up to scrutiny, we\u2019re happy to help.<\/div>\n<\/div>\n

         <\/p>\n

         <\/p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]\n","protected":false},"excerpt":{"rendered":"

          A lost USB stick can be a notifiable privacy breach. Here\u2019s why that matters It sounds old school, but USB sticks are still floating around plenty of NZ businesses.\u00a0 A recent draft decision note from the Office of the Privacy Commissioner is a timely reminder that losing one isn\u2019t just inconvenient.\u00a0 It can cross […]<\/p>\n","protected":false},"author":5,"featured_media":16177,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[4,5],"tags":[],"class_list":["post-16176","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","category-security"],"_links":{"self":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts\/16176","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=16176"}],"version-history":[{"count":0,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts\/16176\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/"}],"wp:attachment":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=16176"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=16176"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=16176"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}