Prison service fined £180,000 for losing unencrypted hard drive with 3,000 prisoners' details on
Loss came on the heels of a previous lost hard drive
Could there be a safer place to store the most sensitive information? Scrambled behind encryption software, locked up inside an industrial safe so strong it can withstand a blaze, kept inside a locked room, protected by a sophisticated keypad system – and all within a secure prison.
But in the latest remarkable security blunder, it has emerged that jail staff lost a hard drive containing the intelligence logs on nearly 3,000 inmates, with all of its information unprotected because the prison service didn’t realise they had to switch on the encryption system.
The Ministry of Justice was ordered to pay £180,000 after handing out hard drives to all 75 prisons in England and Wales without telling anyone how to make the encryption system work.
None of the information contained on them was protected for more than a year until the blunder came to light after one of the drives went missing from the category C Erlestoke prison in Wiltshire in May last year. It contained details on inmates’ links to organised crime, their drug use and details of their victims – none of it protected, according to the Information Commissioner’s Office (ICO).
The drive was removed for updating from a safe which only nine members staff had the security clearance to enter. Staff only noticed that it had not been returned some days later. Despite a search by six people over two days, the drive was not found and remains missing 15 months later.
The new drive had only been given out when security flaws were revealed with the loss of a previous drive in 2011, which contained details on about 16,000 prisoners from High Down prison in Surrey, and which went missing somewhere on the prison estate. The drives were described as holding “everything that the prison service needed to know” about the prisoners.
The Ministry of Justice issued new encrypted drives to all prisons in May 2012 but nobody had told staff at the prisons how to work them. The ICO investigation “found that the prison service didn’t realise that the encryption option on the new hard drives needed to be turned on to work correctly”.
Stephen Eckersley, the head of enforcement at the ICO, said: “The fact that a Government department with security oversight for prisons can supply equipment to 75 prisons throughout England and Wales without properly understanding, let alone telling them, how to use it beggars belief.
“The result was that highly sensitive information about prisoners and vulnerable members of the public, including victims, was insecurely handled for over a year. This failure to provide clear oversight was only addressed when a further serious breach occurred and the devices were finally setup correctly.”
The maximum penalty that can imposed for such a major breach is £500,000, but the ministry was ordered to pay less than half of that because there was no evidence that the details had been spread or used, and a botched attempt had been made to remedy the first failure.
“This is simply not good enough and we expect Government departments to be an example of best practice when it comes to looking after people’s information,” said Mr Eckersley. “We hope this penalty sends a clear message that organisations must not only have the right equipment available to keep people’s information secure, but must understand how to use it.”
A Ministry of Justice spokesperson said: "We take data protection issues very seriously and have made significant and robust improvements to our data security measures. These hard drives have now been replaced with a secure centralised system. Incidents like this are extremely rare and there is no evidence to suggest that any personal data got into the public domain.”
- 1 Rowan Atkinson to sell £10 million McLaren 'supercar' he crashed into a tree and a lamppost
- 2 The truth about 'girl things': Three cheers for Heather Watson's honesty
- 3 Man who held up 'hire me' sign at Waterloo station returns a year later with 'I'm hiring' sign
- 5 Men behaving badly: Urinating while standing, 'manspreading' and the gendering of selfishness
Man who held up 'hire me' sign at Waterloo station returns a year later with 'I'm hiring' sign
Edgar Froese dead: Tangerine Dream founder dies aged 70
Saudi preacher who 'raped and tortured' his five -year-old daughter to death is released after paying 'blood money'
Syrian refugee child beaten by Istanbul Burger King manager for eating customer’s leftover food
Iraq invasion 2003: The bloody warnings six wise men gave to Tony Blair as he prepared to launch poorly planned campaign
British Muslim leaders outraged after Eric Pickles says followers of Islam should 'prove their identity'
UK terror fears: My jihadist son returned from Syria mentally scarred – now he is being ignored
Nigel Farage: NHS might have to be replaced by private health insurance
Billy Crystal: 'Stop shoving gay sex scenes in my face'
'We would evict Queen from Buckingham Palace and allocate her council house,' say Greens
French court convicts three over homophobic tweets, in case hailed as a 'significant victory' by LGBT rights campaigners
Excellent Salary : Austen Lloyd: OXFORD - REGIONAL FIRM - An excellent opportu...
Super Package: Austen Lloyd: BRISTOL - SENIOR CLINICAL NEGLIGENCE - An outstan...
£15000 - £50000 per annum: Recruitment Genius: Fantastic opportunities are ava...
Negotiable: Recruitment Genius: A Compute Engineer is required to join a globa...