ICO Fines The Ministry Of Justice £180,000 For Prison Data Breaches

The Information Commissioner’s Office (ICO) has hit the Ministry of Justice (MoJ) with a £180,000 fine over repeated security failings of the prison system in England and Wales.

For example, in May 2013, HMP Erlestoke prison in Wiltshire lost a back-up hard drive with confidential information about 2,935 prisoners. This included details of their victims and visitors, links to organised crime, and medical and drug history. Such information could pose a security risk in the wrong hands.

In 2011, a similar incident involving the details of 16,000 inmates happened at HMP High Down prison in Surrey.

Prison break

To make matters worse, the hard drive that went missing from Erlestoke prison was unencrypted, despite the fact that the prison service provided new drives with self-encrypting capabilities to all 75 prisons in England and Wales in 2012.

The ICO said its latest investigation found that prison staff simply didn’t realise that the encryption option on the drives needed to be turned on to work correctly.

“The fact that a government department with security oversight for prisons can supply equipment to 75 prisons throughout England and Wales without properly understanding, let alone telling them, how to use it beggars belief,” said Stephen Eckersley, head of enforcement at ICO.

“This failure to provide clear oversight was only addressed when a further serious breach occurred and the devices were finally set up correctly.

“We hope this penalty sends a clear message that organisations must not only have the right equipment available to keep people’s information secure, but must understand how to use it.”

The MoJ is now working with the National Offenders and Management Service to ensure all of the hard drives being used by prisons are securely encrypted. The ICO advises organisations to encrypt any personal information held electronically that would cause damage or distress if it were lost or stolen.

In total, the watchdog has issued £700,000 worth of penalties in just three recent cases where breaches could have been easily prevented by using encryption properly.

In July, UK-based online travel agency Essential Travel was fined £150,000, after hackers got their hands on more than a million debit and credit card records, as well as other customer data. It later turned out that while some of this data was encrypted, the encryption key was stored on the same server and could be easily accessed.


Max Smolaks

Max 'Beast from the East' Smolaks covers open source, public sector, startups and technology of the future at TechWeekEurope. If you find him looking lost on the streets of London, feed him coffee and sugar.
