Bungling MoJ hit by £180k penalty

Bungling MoJ hit by £140k penaltyThe Ministry of Justice has found itself banged to rights after bungling officials forgot to turn on the encryption device on back-up hard drives, exposing both prisoners’ and victims’ confidential data.
The Information Commissioner’s Office (ICO) – which said the case “beggard belief” – has served a £180,000 penalty on the government department for a catalogue of cock-ups.
The penalty follows the loss of an unencrypted back-up hard drive at HMP Erlestoke prison in Wiltshire in May 2013. The hard drive contained sensitive and confidential information about 2,935 prisoners, including details of links to organised crime, health information, history of drug misuse and material about victims and visitors.
The incident followed a similar case in October 2011, when the ICO was alerted to the loss of another unencrypted hard drive, containing the details of 16,000 prisoners serving time at HMP High Down prison in Surrey.
In response to the first incident, in May 2012 the prison service provided new hard drives to all of the 75 prisons across England and Wales still using back-up hard drives in this way; these devices were able to encrypt the information stored on them.
But the ICO’s investigation into the latest incident found that the prison service had failed to realise that the encryption option on the new hard drives needed to be turned on to work correctly.
The result was that highly sensitive information was insecurely handled by prisons across England and Wales for over a year, leading to the latest data loss at HMP Erlestoke. If the hard drives in both of these cases had been encrypted, the information would have remained secure despite their loss.
ICO head of enforcement Stephen Eckersley bemoaned: “The fact that a government department with security oversight for prisons can supply equipment to 75 prisons throughout England and Wales without properly understanding, let alone telling them, how to use it beggars belief.
“This is simply not good enough and we expect government departments to be an example of best practice when it comes to looking after people’s information. We hope this penalty sends a clear message that organisations must not only have the right equipment available to keep people’s information secure, but must understand how to use it.”
The Ministry of Justice, working with the National Offenders and Management Service, have now taken action to ensure all of the hard drives being used by prisons are securely encrypted.
Just ten months ago, the MoJ was hit by a £140,000 fine following a serious data breach which led to the details of all of the prisoners serving at HMP Cardiff being emailed to inmates’ families.

Related stories
Lawyers in the dock over data leaks
Treasury lawyers escape ICO fine
Govt fined £185k for IRA data gaffe
Red faces at MoJ for £140k data fine
Pitiful data fine triggers MoJ review
‘Chicken feed fines’ irk data chief
Lenient data theft sentence vilified
MPs back ‘lock up data thieves’ call
Graham: ‘Bang up data thieves’

1 Trackbacks & Pingbacks

  1. Swamp attack hack

Comments are closed.