3 Feb 2022

Independent Police Conduct Authority loses USB stick with complaint information

11:39 am on 3 February 2022

An Independent Police Conduct Authority staff member has lost a USB stick with information on complainants and police, in what is being treated as a security breach.

The lost USB stick contains information on complaints, police staff and private citizens. File photo Photo: RNZ / Richard Tindiller

It holds personal information relating to 11 complaints, and 14 private citizens and two police staff are directly affected.

There are also 41 police staff members and five professionals whose digital image was captured while they were working.

The USB stick holds copied documents, audio recordings, and CCTV footage. It was not password protected.

On Friday 3 December 2021, a staff member reported that they believed they had lost the USB stick containing complainant and police information, the IPCA said.

Investigations between 3 December 2021 and now established that the USB stick is most likely lost in the public domain and holds personal information.

The authority is treating the loss as a security breach and a privacy breach.

USB sticks are routinely used at the IPCA as part of its initial evidence gathering process, the authority said. They are supposed to be password protected and never taken out of the office.

No caption

IPCA Chair Judge Colin Doherty. Photo: RNZ / Samuel Rillstone

The IPCA had personally contacted all affected individuals or their representatives and apologised.

Authority chair Judge Colin Doherty apologised to the people affected and to the Commissioner of Police.

"I am mindful that Police and the public trust us with sensitive, personal and private information to do our work, and that we undertake to keep this information secret and safe. We have failed to do so in this instance", he said in a statement.

"The Authority takes this situation extremely seriously.

"I have reminded my staff of their obligations and expected behaviours when handling information entrusted to the Authority.

"We are reviewing and reinforcing our IT and information access practices.

"We have also completed an employment investigation in relation to the affected staff member, the outcome of which will remain private."