Home Office rapped over data-protection breach

Home Office rapped over data-protection breach

Summary: The Information Commissioner's Office has found the Home Office responsible for the loss by contractor PA Consulting of 84,000 prisoners' data

SHARE:
TOPICS: Government UK
0

Privacy watchdog the Information Commissioner's Office has found the Home Office to have breached data-protection law over the loss of 84,000 prisoners' data.

Although the data was lost by contractor PA Consulting, as the relevant data controller the Home Office was ultimately accountable for the loss under the Data Protection Act, said assistant information commissioner Mick Gorrill.

"This case was serious because it involved thousands of individual records, which contained sensitive information on people serving custodial sentences and others previously convicted of criminal offences," said Gorrill in a statement. "This breach illustrates that, even though a contractor lost the data, it is the data controller (the Home Office) which is responsible for the security of the information. It is vital that sensitive personal information is handled properly and held securely at all times."

The Information Commissioner's Office (ICO) will now require the Home Office to sign a formal undertaking to ensure that the government department will process information "securely" in the future. All portable and mobile devices that store and transmit personal information must be encrypted. Any contractor processing personal information on behalf of the Home Office must also use encryption software, which must be "clearly stated in all contracts", said the ICO.

If the Home Office fails to meet the terms of the undertaking, then it will be subject to "further enforcement action", the ICO added.

Read this

Leader

Leader: Learning from the UN's security failure

The UN has found massive flaws in its internal IT security, for reasons that may be all too familiar in the boardroom

Read more

A Home Office spokesperson said on Friday that the department was committed to keeping information "safe and secure". "We have made good progress to improve data security and we will continue to work closely with the Information Commissioner's Office to ensure that our systems are as robust as possible," the spokesperson told ZDNet UK.

Contractor PA Consulting lost its £1.5m contract to administer the JTrack prisoner-tracking data for the Home Office following the loss of a flash memory stick last summer. The memory stick contained details of the entire 84,000-person UK prison population. At the time, the Home Office axed the relevant contract with PA Consulting and said it was also reviewing its other contracts with the firm. ZDNet UK understands that those contracts are still under review.

Topic: Government UK

Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet.com. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion