The Ministry of Justice has been issued a £180,000 fine for losing a hard disk containing details of just under 3,000 prisoners at HMP Erlestoke prison in May 2013.
The hard drive contained confidential information relating to organised crime, health information, history of drug misuse and material about victims and visitors of each inmate. The hard drive was not encrypted; encryption would have kept the data secure even in the wrong hands. Because the drive was unencrypted, the information can be accessed by anyone who has it.
Previously, in October 2011, another hard drive containing sensitive details of 16,000 prisoners at HMP High Down prison in Surrey was lost. This hard drive was also not encrypted. In response, and to avoid future occurrences, new hard drives were provided to 75 prisons across England and Wales in May 2012. These hard drives are able to encrypt the information stored on them.
However, the latest Information Commissioner’s Office (ICO) investigation found that the prison services were unaware that the encryption option needed to be manually activated, meaning information stored on the hard drives remained exposed, making the latest security breach much more severe.
Stephen Eckersley, ICO Head of Enforcement, said:
“The fact that a government department with security oversight for prisons can supply equipment to 75 prisons throughout England and Wales without properly understanding, let alone telling them, how to use it beggars belief.
This is simply not good enough and we expect government departments to be an example of best practice when it comes to looking after people’s information. We hope this penalty sends a clear message that organisations must not only have the right equipment available to keep people’s information secure, but must understand how to use it.”
A Ministry of Justice spokeswoman said: “We take data protection issues very seriously and have made significant and robust improvements to our data security measures.
“These hard drives have now been replaced with a secure centralised system.”