The UK's Information Commissioner's Office (ICO) has fined the Ministry of Justice £180,000 for losing information on almost 3,000 prisoners.
The penalty comes after a back-up hard drive at the HMP Erlestoke prison in Wiltshire was lost in May 2013, with this containing ‘sensitive and confidential information' about 2,935 prisoners. The hard drive held prisoner information, including links to organised crime, health records, histories of drug misuse and material relating to victims and visitors.
The device was not encrypted and the MoJ is now working with the National Offenders and Management Service to ensure all of the hard drives being used by prisons are securely encrypted.
ICO head of enforcement Stephen Eckersley said in a statement: “The fact that a government department with security oversight for prisons can supply equipment to 75 prisons throughout England and Wales without properly understanding, let alone telling them, how to use it beggar's belief.
“The result was that highly sensitive information about prisoners and vulnerable members of the public, including victims, was insecurely handled for over a year. This failure to provide clear oversight was only addressed when a further serious breach occurred and the devices were finally setup correctly.
“This is simply not good enough and we expect government departments to be an example of best practice when it comes to looking after people's information. We hope this penalty sends a clear message that organisations must not only have the right equipment available to keep people's information secure, but must understand how to use it."