Locks and Security News: your weekly locks and security industry newsletter
20th May 2020 Issue no. 508
Your industry news - first
We strongly recommend viewing Locks and Security News full size in your web browser. Click our masthead above to visit our website version.
Ministry of Justice served with £180,000 penalty following encryption errors
The Ministry of Justice received a monetary penalty of £180,000 last week following a serious breach of the Data Protection Act. The breach was caused by the loss of an unencrypted hard drive at HMP Erlestoke in Wiltshire in May last year. The drive contained sensitive information relating to 2,935 prisoners.
The ICO recommends that portable and mobile devices containing personal information, the loss of which could cause damage and distress to the individuals affected, should be encrypted.
The breach at HMP Erlestoke followed a similar incident in October 2011, when the ICO was alerted to the loss of another unencrypted hard drive containing the details of 16,000 prisoners serving time at HMP High Down prison in Surrey.
In response to the first incident the Ministry of Justice issued new hard drives to 75 prisons that were able to encrypt the data stored on them. However the department failed to realise that the encryption option needed to be turned on to work, resulting in sensitive information being stored insecurely across prisons throughout England and Wales for over a year.
Announcing the penalty the ICO’s Head of Enforcement, Stephen Eckersley said “we hope this penalty sends a clear message that organisations must not only have the right equipment available to keep people’s information secure, but must understand how to use it.”
10th September 2014