Out-Law News 2 min. read
22 Aug 2008, 12:41 pm
Home Secretary Jacqui Smith was told of the security breach on Tuesday and the Home Office made an announcement yesterday. The data, taken from the Police National Computer, was being held by contractor PA Consulting as part of a contract to manage prolific and priority offenders.
The Home Office said that the memory stick contained the names and dates of birth of every prisoner in England and Wales, a total of 84,000 individuals. In some cases it included the prisoners' expected date of release.
The device also held the names, addresses and dates of birth for 33,000 individuals with six or more recordable convictions in the past 12 months, and the names and dates of birth of 10,000 prolific and priority offenders.
A Home Office spokesperson said yesterday that a full investigation is being conducted and that police and the Information Commissioner had been informed.
"The data was held in a secure format on the contractor's site," said the spokesperson. "It was downloaded onto a memory stick for processing purposes which has since been lost.
The Home Office said that the transfer of data to PA under the contract has been suspended.
David Smith, Deputy Commissioner at the Information Commissioner’s Office, said: “It is deeply worrying that after a number of major data losses and the publication of two government reports on high profile breaches of the Data Protection Act, more personal information has been reported lost."
"The data loss by a Home Office contractor demonstrates that personal information can be a toxic liability if it is not handled properly and reinforces the need for data protection to be taken seriously at all levels," he said. "It is vital that sensitive information, such as prisoner records, is held securely at all times."
The data lost by PA is classed as sensitive, personal data by the Data Protection Act. This means that more stringent rules apply to its collection and use, specifically when assessing what security is appropriate. The Act requires organisations to take into account the nature of the data and the harm that might result to individuals from any unauthorised disclosure.
Smith said that he expects the Home Office to provide his office with the report of its internal investigation into the data security arrangements in place with PA Consulting. "We will then decide what further action may be appropriate," he said. "Searching questions must be answered about what safeguards were in place to protect this information.”
Shadow Home Secretary Dominic Grieve called the incident "a massive failure of duty."
"What is more scandalous is that it is not the first time that the Government has been shown to be completely incapable of protecting the integrity of highly sensitive data, rendering them unfit to be charged with protecting our safety," he said. “The British taxpayer will be absolutely outraged if they are made to pick up the bill for compensation to serious criminals.”
