ICO Fines The Ministry Of Justice £180,000 For Prison Data Breaches

The Information Commissioner’s Office (ICO) has hit the Ministry of Justice (MoJ) with a £180,000 fine over repeated security failings of the prison system in England and Wales.

For example in May 2013, HMP Erlestoke prison in Wiltshire lost a back-up hard drive with confidential information about 2,935 prisoners. This included the details of their victims, visitors, links to organised crime, medical and drug history. Such information could pose a security risk in the wrong hands.

In 2011, a similar incident involving the details of 16,000 inmates happened at HMP High Down prison in Surrey.

Prison break

To make matters worse, the hard drive that went missing from Erlestoke prison was unencrypted, despite the fact that the prison service provided new drives with self-encrypting capabilities to all 75 prisons in England and Wales in 2012.

ICO said its latest investigation found that the prison staff simply didn’t realise that the encryption option on the drives needed to be turned on to work correctly.

“The fact that a government department with security oversight for prisons can supply equipment to 75 prisons throughout England and Wales without properly understanding, let alone telling them, how to use it beggars belief,” said Stephen Eckersley, head of enforcement at ICO.

“This failure to provide clear oversight was only addressed when a further serious breach occurred and the devices were finally setup correctly.

“We hope this penalty sends a clear message that organisations must not only have the right equipment available to keep people’s information secure, but must understand how to use it.”

The MoJ is now working with the National Offenders and Management Service to ensure all of the hard drives being used by prisons are securely encrypted. The ICO advises organisations to encrypt any personal information held electronically that would cause damage or distress if it were lost or stolen.

In total, the watchdog has issued £700,000 worth of penalties in just three recent cases where breaches could have been easily prevented by using encryption properly.

In July, UK-based online travel agency Essential Travel was fined £150,000, after hackers got their hands on more than a million debit and credit card records, as well as other customer data. It later turned out that while some of this data was encrypted, the encryption key was stored on the same server and could be easily accessed.

What do you know about tech regulators around the world? Take our quiz!

Max Smolaks

Max 'Beast from the East' Smolaks covers open source, public sector, startups and technology of the future at TechWeekEurope. If you find him looking lost on the streets of London, feed him coffee and sugar.

Recent Posts

Apple Sales Rise 6 Percent After Early iPhone 16 Demand

Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…

24 hours ago

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

1 day ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

1 day ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago