Prison service fined £180,000 for losing unencrypted hard drive with 3,000 prisoners' details on
Loss came on the heels of a previous lost hard drive
Could there be a safer place to store the most sensitive information? Scrambled behind encryption software, locked up inside an industrial safe so strong it can withstand a blaze, kept inside a locked room, protected by a sophisticated keypad system – and all within a secure prison.
But in the latest remarkable security blunder, it has emerged that jail staff lost a hard drive containing the intelligence logs on nearly 3,000 inmates, with all of its information unprotected because the prison service didn’t realise they had to switch on the encryption system.
The Ministry of Justice was ordered to pay £180,000 after handing out hard drives to all 75 prisons in England and Wales without telling anyone how to make the encryption system work.
None of the information contained on them was protected for more than a year until the blunder came to light after one of the drives went missing from the category C Erlestoke prison in Wiltshire in May last year. It contained details on inmates’ links to organised crime, their drug use and details of their victims – none of it protected, according to the Information Commissioner’s Office (ICO).
The drive was removed for updating from a safe which only nine members staff had the security clearance to enter. Staff only noticed that it had not been returned some days later. Despite a search by six people over two days, the drive was not found and remains missing 15 months later.
The new drive had only been given out when security flaws were revealed with the loss of a previous drive in 2011, which contained details on about 16,000 prisoners from High Down prison in Surrey, and which went missing somewhere on the prison estate. The drives were described as holding “everything that the prison service needed to know” about the prisoners.
The Ministry of Justice issued new encrypted drives to all prisons in May 2012 but nobody had told staff at the prisons how to work them. The ICO investigation “found that the prison service didn’t realise that the encryption option on the new hard drives needed to be turned on to work correctly”.
Stephen Eckersley, the head of enforcement at the ICO, said: “The fact that a Government department with security oversight for prisons can supply equipment to 75 prisons throughout England and Wales without properly understanding, let alone telling them, how to use it beggars belief.
“The result was that highly sensitive information about prisoners and vulnerable members of the public, including victims, was insecurely handled for over a year. This failure to provide clear oversight was only addressed when a further serious breach occurred and the devices were finally setup correctly.”
The maximum penalty that can imposed for such a major breach is £500,000, but the ministry was ordered to pay less than half of that because there was no evidence that the details had been spread or used, and a botched attempt had been made to remedy the first failure.
“This is simply not good enough and we expect Government departments to be an example of best practice when it comes to looking after people’s information,” said Mr Eckersley. “We hope this penalty sends a clear message that organisations must not only have the right equipment available to keep people’s information secure, but must understand how to use it.”
A Ministry of Justice spokesperson said: "We take data protection issues very seriously and have made significant and robust improvements to our data security measures. These hard drives have now been replaced with a secure centralised system. Incidents like this are extremely rare and there is no evidence to suggest that any personal data got into the public domain.”
- 1 Qataris pledge to expand Canary Wharf
- 2 #JeSuisEd: People share photos of themselves eating awkwardly in solidarity with Labour leader
- 3 Women think Irish men are the sexiest, survey finds
- 4 Florida couple forced to register as sex offenders for having sex on public beach
- 5 Watch eerie drone footage of destroyed building in Stalingrad
#JeSuisEd: People share photos of themselves eating awkwardly in solidarity with Labour leader
Florida couple forced to register as sex offenders for having sex on public beach
General election 2015: 'Nasty party' Ukip faces fresh questions over candidates on eve of vote
Who should I vote for in the general election? Take The Independent's interactive quiz to find out which party is the right choice for you
Ohio 'Shawshank Redemption' fugitive Frank Freshwater arrested after 56 years on the run
In defence of liberal democracy
General Election 2015: Post-election 'shambles' looms as 70 per cent of voters say SNP 'should not be able to veto UK government policies'
The Rothschild Libel: Why has it taken 200 years for an anti-Semitic slur that emerged from the Battle of Waterloo to be dismissed?
General Election 2015: UK will be 'run for the wealthy and powerful' if Tories retain power, Labour warns
General election live: SNP suspends two members for disrupting Labour rally
General Election 2015: Sturgeon claims Scots 'appalled' by Ed Miliband's refusal to work with SNP
£35000 - £40000 per annum + car and benefits: Ashdown Group: Marketing Manager...
£18000 - £20000 per annum: Ashdown Group: Helpdesk Analyst - Devon - £20,000 ...
£35000 - £50000 per annum + generous bonus: Ashdown Group: Business Analytics ...
£45000 - £50000 per annum: Ashdown Group: IT Project Coordinator (Software Dev...