Govt Fined Over Lost Prisoner Data Hard Drive
The Ministry of Justice has been hit with a £180,000 fine after a back-up hard drive containing confidential information about prisoners was lost.
The data watchdog issued the punishment after the storage device was lost at HMP Erlestoke prison in Wiltshire in May last year.
The drive was not encrypted and contained sensitive and confidential information about 2,935 prisoners.
Details such as links to organised crime, health information and drug use was contained on the drive, along with details of victims and visitors.
An investigation by the Information Commissioner's Office found data was routinely being handled without encryption at all 75 prisons in England and Wales.
The loss of the Wiltshire hard drive followed a similar case in October 2011, when the ICO was told of the loss of another unencrypted hard drive containing the details of 16,000 inmates at HMP High Down in Surrey.
In response to the Surrey incident, the Prison Service provided new hard drives to all prisons.
But the ICO found the Prison Service did not realise the encryption option on the new hard drives needed to be turned on to work correctly.
This meant highly sensitive information was insecurely handled for more than a year.
ICO head of enforcement Stephen Eckersley said: "The fact that a government department with security oversight for prisons can supply equipment to 75 prisons throughout England and Wales without properly understanding, let alone telling them, how to use it beggars belief.
"The result was that highly sensitive information about prisoners and vulnerable members of the public, including victims, was insecurely handled for over a year."
He added: "We hope this penalty sends a clear message that organisations must not only have the right equipment available to keep people's information secure, but must understand how to use it."