Prisoner data breach firm paid £100m

PA Consulting also 'helping to deliver' ID cards project...
Written by Natasha Lomas, Contributor

PA Consulting also 'helping to deliver' ID cards project...

The management consultancy firm at the centre of the latest government data breach storm has been paid almost £100m over three years for its services by the Home Office and its agencies, with individual consultants from the company being charged to the department at an average of more than £1,000 per day.

PA Consulting was appointed by the Home Office in June 2007 to provide application support for tracking prolific and priority offenders through the criminal justice system. But this week it emerged a USB memory stick containing unencrypted data on all the prisoners in England and Wales - some 84,000 individuals - had been lost by the company.

Details stored on the memory stick include names, dates of birth and some expected release data. It also contains the names and dates of birth of some 10,000 individuals who are classed as prolific and priority offenders, as well as the initials of individuals involved with the Drug Interventions Programme.

The Home Office said one member of PA Consulting staff has been suspended following the breach. PA Consulting refused to confirm this, stating only: "We are collaborating closely with the Home Office on this matter. We have no further comment to make at this time."

Working with the Home Office on prisoner tracking is not the only government business PA Consulting has been involved with.

Since 2004 the company has been contracted as a development partner for the government's national identity cards scheme - to help with design, feasibility testing, business and procurement elements of the project.

Asked whether PA Consulting is fit to advise the government on the design of the ID cards system in light of its failure to keep prisoner data secure, a Home Office spokeswoman refused comment. The spokeswoman also refused to comment on whether the contractor will be sacked following the breach, but she added: "We are investigating the external contractor's contractual obligations."

PA Consulting was paid more than £19.1m by the Home Office in the financial year 2004 to 2005, according to minister of state Liam Byrne's response to a parliamentary question earlier this year. The following year it was paid £40.3m, and in 2006 to 2007 it was paid £36.1m - meaning the taxpayer has coughed up almost £100m over three years for its services.

The Home Office spokeswoman could not confirm how much PA Consulting has been specifically paid for work done on the government's controversial ID cards proposal, although a departmental response to a 2005 Freedom of Information (FoI) request states almost £17.1m was paid to the company for work done between 2004 and 2005 on the ID cards project.

It adds that the total value of the contract will not be known until the work is finished: "The PA Consulting contract involves work on the design, feasibility testing, business case and procurement elements of the identity cards programme.

"The nature of the contract for this service is such that an outturn value is not defined; packages of work are agreed monthly. The Home Office has made no commitment to any contract value.

"Although the total value of the contract will not be known until the contract is concluded, I can tell you that the estimated prices given in the successful tender by the contractor were £9.87m for the development phase of the programme and £8.87m for the subsequent procurement phase."

The request also reveals the average daily cost per PA Consulting consultant is £1,093.

Anti-ID cards campaign group No2ID described the latest government data breach as an "utter disgrace".

Phil Booth, No2ID national co-ordinator, said in a statement: "The question is not why was this data lost - it was lost because they had it - but why anyone got hold of individually identifiable mass data from the supposedly secure Police National Computer at all. No more excuses, no more buck-passing. When is this going to stop?

"The Home Office's policy of casual data trafficking, and the Ministry of Justice's stated goal to 'remove barriers to data sharing', are arrogant beyond belief. If they did this with PNC data, what will they do with your personal identity details?"

The Conservative party shadow home secretary, Dominic Grieve, added in a statement: "The public will be alarmed that the government is happy to entrust their £20bn ID card project to the firm involved in this fiasco, at a cost of millions of pounds to the UK taxpayer."

"This will destroy any grain of confidence the public still have in this white elephant and reinforce why it could endanger - rather than strengthen - our security.

"[Home secretary] Jacqui Smith cannot continue to abdicate responsibility for this shambles. She must at a bare minimum explain how this failure could happen, when she first knew about it, and what she now intends to do about it. Why did she sit on this information until it was dragged out by the media? When was she intending to tell the public?"

A recent Home Office response to another ID cards related FoI enquiry shows the department spent a total of £31.6m on external consultants' services for the ID cards project between the financial years 2003/04 and 2005/06.

Editorial standards