The Information Commissioner’s Office (ICO) have reported today that The Ministry of Justice has been fined £180,000 for “serious failings” in the handling of confidential data. This is as a result of the loss of a hard drive containing the details of almost 3,000 prisoners at Erlestoke prison in Wiltshire and occurred in 2013.
Despite a similar incident in 2011, in which the details of 16,000 prisoners were lost on a disk that was not protected, the Ministry of Justice issued the Prison Service with new back-up hard drives that could be encrypted.
The disk in question was not encrypted and contained material relating to organised crime, prisoners’ health and drug misuse as well as information about inmates’ victims and visitors.
The government body failed to explain to its employees that the encryption option had to be switched on manually and as a result the data lost was unprotected and could be accessed by anyone that found the hard drive.
ICO head of enforcement, Stephen Eckersley, is quoted as saying that “The fact that a government department with security oversight for prisons can supply equipment to 75 prisons throughout England and Wales without properly understanding, let alone telling them, how to use it, beggars belief.”
“The result was that highly sensitive information about prisoners and vulnerable members of the public, including victims, was insecurely handled for over a year.”
He added: “We hope this penalty sends a clear message that organisations must not only have the right equipment available to keep people’s information secure, but must understand how to use it.”
To read the original article in full please visit http://ico.org.uk/news/latest_news/2014/repeated-security-failings-lead-to-180000-fine-for-moj-26082014
If you are looking to retire redundant IT equipment and have concerns over data security and complying with ICO guidelines, please contact us on 0845 600 4696 or via firstname.lastname@example.org