Personal information on thousands of criminals in England and Wales has been lost on a USB drive. The unencrypted details were lost by private firm PA Consulting during ‘processing’.
The dangers of allowing employees to use USB drives in confidential data environments have been widely publicised for some time, with many FTSE IT departments going so far as to glue USB ports shut to prevent their use.
Alan Middleton, CEO of PA Consulting, said in April this year that he was a fan of IT, but qualified this: “I'm still a bit cynical”, he told the FT.
The Home Office says a full investigation is being conducted into how the details of 84,000 prisoners came to be lost on the storage device. Although the data was encrypted at rest, the data on the USB stick was not.
David Smith, Deputy Commissioner for the Information Commissioner's Office, said that the news was “deeply worrying”, and continued: “The data loss by a Home Office contractor demonstrates that personal information can be a toxic liability if it is not handled properly and reinforces the need for data protection to be taken seriously at all levels. Searching questions must be answered about what safeguards were in place to protect this information.”
The data includes unencrypted details about 10,000 prolific offenders, as well as names, dates of birth and some release information of all 84,000 prisoners in England and Wales - and a further 33,000 records from the police national computer.
PA Consulting held the data as part of a contract to work on a database of ‘prolific and priority offenders’ called JTrack. A spokesman for the company refused to comment on the data loss.
Frances Anderson, media and ICT partner at Cobbetts, said: “On the face of it, this appears to be a very serious breach of the Data Protection Act. Not just because of its massive scale, but due to the extremely sensitive nature of the information.”
This breach is the latest in a series of high-profile security lapses in the public sector, and follows the publication of two detailed government reports into data handling policies that breached the Data Protection Act.
Lib Dem leader Nick Clegg said: "The government will no doubt seek to blame private contractors, but the rash of data losses over the last two years confirm that there is something much more worrying at stake: this government cannot keep any information safe."
Ironically, PA Consulting has been involved in developing the controversial ID card scheme, which opposition MPs claim will not provide sufficient security for citizens' personal information. The company is keen to promote a technology-savvy persona, even to the lengths of building a presence in Second Life, the online virtual world.