£180k fine after computer hard drive loss from Erlestoke Prison
Updated 1:23pm Tuesday 26th August 2014 in By Staff reporter
The Ministry of Justice has been fined £180,000 by the data watchdog for serious failings in the way prisons have been handling information relating to inmates, victims and visitors after the loss of a back-up hard drive at Erlestoke Prison.
The hard drive, which was not encrypted, contained sensitive and confidential information about 2,935 prisoners, including details of links to organised crime, health information, and history of drug misuse, as well as material about victims and visitors.
Now the Information Commissioner's Office (ICO) has served the Government department with the penalty following the loss of the back-up hard drive at HMP Erlestoke in May last year.
The ICO's investigation into the blunder discovered the prison service did not realise that an encryption option, designed to protect data on back-up hard drives, needed to be turned on to work correctly - meaning information was being insecurely handled at all 75 prisons in England and Wales.
The loss followed a similar case in October 2011, when the ICO was alerted to the loss of another unencrypted hard drive containing the details of 16,000 inmates at HMP High Down in Surrey.
In response to the first incident, the Prison Service provided new hard drives to 75 jails across England and Wales.
But the ICO found that the Prison Service did not realise the encryption option on the new hard drives needed to be turned on to work correctly, meaning highly sensitive information was insecurely handled by jails across England and Wales for more than a year.
ICO head of enforcement Stephen Eckersley said: "The fact that a government department with security oversight for prisons can supply equipment to 75 prisons throughout England and Wales without properly understanding, let alone telling them, how to use it beggars belief.
"The result was that highly sensitive information about prisoners and vulnerable members of the public, including victims, was insecurely handled for over a year.
"This failure to provide clear oversight was only addressed when a further serious breach occurred and the devices were finally set up correctly.
"This is simply not good enough and we expect government departments to be an example of best practice when it comes to looking after people's information.
"We hope this penalty sends a clear message that organisations must not only have the right equipment available to keep people's information secure, but must understand how to use it."
The Prison Service has experienced a turbulent period as official statistics revealed a leap in the number of on-the-run inmates in the last year, as well as an increase in deaths in custody and a rise in the number of jails considered to be ''of concern''.
Meanwhile, a raft of reports from the Prisons' Inspectorate have exposed failings in a number of jails across England and Wales.