USB Memory Keys & Drives

Many people use a USB key or drive to save, store, and transfer data from machine to machine. They're a cheap and portable way to keep data with you. However they're also really insecure and easily lost. This makes them a high risk item for information being lost (or stolen).

Imagine that you have a list of names, addresses, phone numbers, email addresses, etc. The kind of list that many (if not all) TSA centres have. It is holding personal information about people associated with TSA and we have a responsibility to protect it.

If it is on a memory key or drive then it is most likely that it is completely insecure. This means that if the device is lost or stolen there is a potential privacy breach for TSA to manage.

For this reason the updated Computer Code of Conduct talks specifically about not using USB memory keys and drives for the storage of information. We acknowledge that at times they're useful for doing presentations, or moving information between centres.

However a USB memory key or drive must only be used as temporary storage. This means that it shouldn't hold the master copy of any piece of information. If it is used (to transfer to another centre or machine) then once the information must be removed as soon as practical.

This policy is intended to protect the personal information people trust us with. It is information we need to be able to serve them, but information that we have a responsibility for protecting as far as reasonably possible.