Prison service fined £180,000 for losing unencrypted hard drive with 3,000 prisoners' details on
Loss came on the heels of a previous lost hard drive
Could there be a safer place to store the most sensitive information? Scrambled behind encryption software, locked up inside an industrial safe so strong it can withstand a blaze, kept inside a locked room, protected by a sophisticated keypad system – and all within a secure prison.
But in the latest remarkable security blunder, it has emerged that jail staff lost a hard drive containing the intelligence logs on nearly 3,000 inmates, with all of its information unprotected because the prison service didn’t realise they had to switch on the encryption system.
The Ministry of Justice was ordered to pay £180,000 after handing out hard drives to all 75 prisons in England and Wales without telling anyone how to make the encryption system work.
None of the information contained on them was protected for more than a year until the blunder came to light after one of the drives went missing from the category C Erlestoke prison in Wiltshire in May last year. It contained details on inmates’ links to organised crime, their drug use and details of their victims – none of it protected, according to the Information Commissioner’s Office (ICO).
The drive was removed for updating from a safe which only nine members staff had the security clearance to enter. Staff only noticed that it had not been returned some days later. Despite a search by six people over two days, the drive was not found and remains missing 15 months later.
The new drive had only been given out when security flaws were revealed with the loss of a previous drive in 2011, which contained details on about 16,000 prisoners from High Down prison in Surrey, and which went missing somewhere on the prison estate. The drives were described as holding “everything that the prison service needed to know” about the prisoners.
The Ministry of Justice issued new encrypted drives to all prisons in May 2012 but nobody had told staff at the prisons how to work them. The ICO investigation “found that the prison service didn’t realise that the encryption option on the new hard drives needed to be turned on to work correctly”.
Stephen Eckersley, the head of enforcement at the ICO, said: “The fact that a Government department with security oversight for prisons can supply equipment to 75 prisons throughout England and Wales without properly understanding, let alone telling them, how to use it beggars belief.
“The result was that highly sensitive information about prisoners and vulnerable members of the public, including victims, was insecurely handled for over a year. This failure to provide clear oversight was only addressed when a further serious breach occurred and the devices were finally setup correctly.”
The maximum penalty that can imposed for such a major breach is £500,000, but the ministry was ordered to pay less than half of that because there was no evidence that the details had been spread or used, and a botched attempt had been made to remedy the first failure.
“This is simply not good enough and we expect Government departments to be an example of best practice when it comes to looking after people’s information,” said Mr Eckersley. “We hope this penalty sends a clear message that organisations must not only have the right equipment available to keep people’s information secure, but must understand how to use it.”
A Ministry of Justice spokesperson said: "We take data protection issues very seriously and have made significant and robust improvements to our data security measures. These hard drives have now been replaced with a secure centralised system. Incidents like this are extremely rare and there is no evidence to suggest that any personal data got into the public domain.”
Kirstie Allsopp has waded into the female fertility debate again
Gillian Anderson lays into gender disparity in Hollywood
- 1 Snoop Dogg and Jared Leto buy a stake in Reddit as A-list invests $50m
- 2 Prince held a Facebook Q&A and this is the only question he answered...
- 3 'F*ck it, I quit': KTVA reporter Charlo Greene quits live on air in spectacular fashion
- 4 35,000 walrus gather on north-west Alaska beach 'for a rest'
- 5 Brad Pitt, on the moment he completely lost his temper with Clint Eastwood's son
Snoop Dogg and Jared Leto buy a stake in Reddit as A-list invests $50m
Prince held a Facebook Q&A and this is the only question he answered...
Brad Pitt, on the moment he completely lost his temper with Clint Eastwood's son
Jennifer Lawrence nude photos leak: More celebrities allegedly targeted as third wave of hacked images released
Cheryl Cole named 'the most dangerous celebrity' on the internet
Exclusive: 'Putin's Russia has been my biggest regret,' says Nato's outgoing Secretary General
The Osborne Ultimatum: Chancellor’s benefits freeze bombshell will affect ten million households
Former Tory donor Arron Banks ups his Ukip donation to £1million following William Hague 'nobody' comment
There’s no excuse for Dave Lee Travis’s behaviour, but we need to keep a sense of proportion
Should gay sex be illegal? 16% of Britons think so
Mark Reckless becomes second Tory MP to defect to Ukip in a month
- < Previous
- Next >
£20000 - £25000 per annum + Uncapped Commission, 1st yr OTE £30-£40k : SThree:...
£45000 - £50000 Per Annum: Clearwater People Solutions Ltd: Our client is curr...
£400 - £450 Per Day: Clearwater People Solutions Ltd: My client are looking fo...
£40000 - £45000 Per Annum + benefits: Clearwater People Solutions Ltd: Domino ...