Prison service fined £180,000 for losing unencrypted hard drive with 3,000 prisoners' details on
Loss came on the heels of a previous lost hard drive
Could there be a safer place to store the most sensitive information? Scrambled behind encryption software, locked up inside an industrial safe so strong it can withstand a blaze, kept inside a locked room, protected by a sophisticated keypad system – and all within a secure prison.
But in the latest remarkable security blunder, it has emerged that jail staff lost a hard drive containing the intelligence logs on nearly 3,000 inmates, with all of its information unprotected because the prison service didn’t realise they had to switch on the encryption system.
The Ministry of Justice was ordered to pay £180,000 after handing out hard drives to all 75 prisons in England and Wales without telling anyone how to make the encryption system work.
None of the information contained on them was protected for more than a year until the blunder came to light after one of the drives went missing from the category C Erlestoke prison in Wiltshire in May last year. It contained details on inmates’ links to organised crime, their drug use and details of their victims – none of it protected, according to the Information Commissioner’s Office (ICO).
The drive was removed for updating from a safe which only nine members staff had the security clearance to enter. Staff only noticed that it had not been returned some days later. Despite a search by six people over two days, the drive was not found and remains missing 15 months later.
The new drive had only been given out when security flaws were revealed with the loss of a previous drive in 2011, which contained details on about 16,000 prisoners from High Down prison in Surrey, and which went missing somewhere on the prison estate. The drives were described as holding “everything that the prison service needed to know” about the prisoners.
The Ministry of Justice issued new encrypted drives to all prisons in May 2012 but nobody had told staff at the prisons how to work them. The ICO investigation “found that the prison service didn’t realise that the encryption option on the new hard drives needed to be turned on to work correctly”.
Stephen Eckersley, the head of enforcement at the ICO, said: “The fact that a Government department with security oversight for prisons can supply equipment to 75 prisons throughout England and Wales without properly understanding, let alone telling them, how to use it beggars belief.
“The result was that highly sensitive information about prisoners and vulnerable members of the public, including victims, was insecurely handled for over a year. This failure to provide clear oversight was only addressed when a further serious breach occurred and the devices were finally setup correctly.”
The maximum penalty that can imposed for such a major breach is £500,000, but the ministry was ordered to pay less than half of that because there was no evidence that the details had been spread or used, and a botched attempt had been made to remedy the first failure.
“This is simply not good enough and we expect Government departments to be an example of best practice when it comes to looking after people’s information,” said Mr Eckersley. “We hope this penalty sends a clear message that organisations must not only have the right equipment available to keep people’s information secure, but must understand how to use it.”
A Ministry of Justice spokesperson said: "We take data protection issues very seriously and have made significant and robust improvements to our data security measures. These hard drives have now been replaced with a secure centralised system. Incidents like this are extremely rare and there is no evidence to suggest that any personal data got into the public domain.”
- 1 School kitchen manager 'fired from Colorado school for giving hungry students free lunches'
- 2 California man brutally beat 82-year-old Sikh grandfather he mistook for 'one of those people'
- 5 Charles Kennedy 'had better judgement drunk than many sober politicians' says Ian Hislop
California man brutally beat 82-year-old Sikh grandfather he mistook for 'one of those people'
Amber Peat: Body found in search for missing 13-year-old who left house after argument with her parents
Alton Towers crash: Four guests seriously injured as Smiler ride carriages collide
Charles Kennedy dead: A guy once asked the Lib Dem leader who his favourite Muppet was and his letter response was wonderful
Gay teenager 'forced to have sex with his own mother' to 'cure' his homosexuality, campaigners in India say
Thousands of teenage girls enduring debilitating illnesses after routine school cancer vaccination
Migrants in Kos: Photos show real tragedy after Brits abroad complain of 'awkward' holidays
British tourists complain that impoverished boat migrants are making holidays 'awkward' in Kos
Michael Gove determined to scrap the Human Rights Act – even if Scotland retains it
Threat to scrap Human Rights Act could see UK follow Nazi example, warns UN official
Church of England 'one generation away from extinction' after dramatic loss of followers
£17500 - £20000 per annum: Recruitment Genius: We currently require an experie...
£50000 - £100000 per annum: Recruitment Genius: A Partner Manager is required ...
£45000 - £100000 per annum: Recruitment Genius: A Regional Sales Manager is re...
£18000 - £22000 per annum: Recruitment Genius: The company provides IT support...