Feeds

Loss of unencrypted back-up disk costs UK prisons ministry £180K

Repeat offender

Intelligent flash storage arrays

The UK's Ministry of Justice has been fined £180,000 following the latest in a series of failures involving how prisons handle private information.

The penalty (PDF) follows the loss of a back-up hard drive at HMP Erlestoke prison in Wiltshire back in May 2013. The *unencrypted* hard drive contained sensitive and confidential information about 2,935 prisoners including health information, history of drug misuse and material about victims and visitors.

The incident followed a similar case in October 2011, when the data privacy watchdogs at the Information Commissioner’s Office were notified about the loss of another unencrypted hard drive containing the details of 16,000 prisoners serving time at HMP High Down prison in Surrey. In response to the incident at HMP High Down, the prison service provided new hard drives to all of the 75 prisons across England and Wales that were still using back-up hard drives. These devices were able to encrypt the information stored on them. This encryption was not applied by default.

The ICO’s investigation into the latest incident "found that the prison service didn’t realise that the encryption option on the new hard drives needed to be turned on to work correctly".

Highly sensitive information was insecurely handled by prisons across England and Wales for over a year, leading to the latest data loss at HMP Erlestoke, a statement on the ICO's investigation explains. "If the hard drives in both of these cases had been encrypted, the information would have remained secure despite their loss," it added.

ICO Head of Enforcement, Stephen Eckersley, said that it had levied a high fine against the Ministry of Justice partly because government departments ought to be an example of best practice in handling sensitive information.

“The fact that a government department with security oversight for prisons can supply equipment to 75 prisons throughout England and Wales without properly understanding, let alone telling them, how to use it, beggars belief," Eckersley said.

“The result was that highly sensitive information about prisoners and vulnerable members of the public, including victims, was insecurely handled for over a year. This failure to provide clear oversight was only addressed when a further serious breach occurred and the devices were finally setup correctly," he added.

Eckersley concluded that the big fine against the MoJ ought to act as a message that "organisations must not only have the right equipment available to keep people’s information secure, but must understand how to use it”.

The Ministry of Justice, working with the National Offenders and Management Service, is taking action to ensure all of the hard drives being used by prisons are securely encrypted.

A blog post by the ICO explaining the importance of encryption and the encryption options available to organisations can be found here. ®

Internet Security Threat Report 2014

More from The Register

next story
The 'fun-nification' of computer education – good idea?
Compulsory code schools, luvvies love it, but what about Maths and Physics?
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know
'Missy' Cummings on UAVs, smartcars and dying from boredom
Yes, yes, Steve Jobs. Look what I'VE done for you lately – Tim Cook
New iPhone biz baron points to Apple's (his) greatest successes
Lords take revenge on REVENGE PORN publishers
Jilted Johns and Jennies with busy fingers face two years inside
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
Edward who? GCHQ boss dodges Snowden topic during last speech
UK spies would rather 'walk' than do 'mass surveillance'
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.