Home Secretary Jacqui Smith was told of the security breach on
Tuesday and the Home Office made an announcement yesterday. The
data, taken from the Police National Computer, was being held by
contractor PA Consulting as part of a contract to manage prolific
and priority offenders.
The Home Office said that the memory stick contained the names
and dates of birth of every prisoner in England and Wales, a total
of 84,000 individuals. In some cases it included the prisoners'
expected date of release.
The device also held the names, addresses and dates of birth for
33,000 individuals with six or more recordable convictions in the
past 12 months, and the names and dates of birth of 10,000 prolific
and priority offenders.
A Home Office spokesperson said yesterday that a full
investigation is being conducted and that police and the
Information Commissioner had been informed.
"The data was held in a secure format on the contractor's site,"
said the spokesperson. "It was downloaded onto a memory stick for
processing purposes which has since been lost.
The Home Office said that the transfer of data to PA under the
contract has been suspended.
David Smith, Deputy Commissioner at the Information
Commissioner’s Office, said: “It is deeply worrying that after a
number of major data losses and the publication of two government
reports on high profile breaches of the Data Protection Act, more
personal information has been reported lost."
"The data loss by a Home Office contractor demonstrates that
personal information can be a toxic liability if it is not handled
properly and reinforces the need for data protection to be taken
seriously at all levels," he said. "It is vital that sensitive
information, such as prisoner records, is held securely at all
times."
The data lost by PA is classed as sensitive, personal
data by the Data Protection Act. This means that more stringent
rules apply to its collection and use, specifically when
assessing what security is appropriate. The Act requires
organisations to take into account the nature of the data and the
harm that might result to individuals from any unauthorised
disclosure.
Smith said that he expects the Home Office to provide his office
with the report of its internal investigation into the data
security arrangements in place with PA Consulting. "We will then
decide what further action may be appropriate," he said. "Searching
questions must be answered about what safeguards were in place to
protect this information.”
Shadow Home Secretary Dominic Grieve called the incident "a
massive failure of duty."
"What is more scandalous is that it is not the first time that
the Government has been shown to be completely incapable of
protecting the integrity of highly sensitive data, rendering them
unfit to be charged with protecting our safety," he said. “The
British taxpayer will be absolutely outraged if they are made to
pick up the bill for compensation to serious criminals.”
