Page last updated at 14:25 GMT, Thursday, 22 January 2009

Home Office guilty of data breach

Memory stick
The device was left in an unlocked drawer at PA Consulting's offices

The Home Office broke data protection laws when a contractor lost a memory stick with information on thousands of prisoners, a watchdog has ruled.

The Information Commissioner's Office said the Home Office must also sign a formal undertaking to improve its procedures for protecting data.

A PA Consulting employee left the stick in an unlocked drawer last August.

It contained the names, addresses and expected release dates of 84,000 prisoners in England and Wales.

Assistant Information Commissioner Mick Gorrill said: "This case was serious because it involved thousands of individual records, which contained sensitive information on people serving custodial sentences and others previously convicted of criminal offences.

"Even though a contractor lost the data, it is the data controller [the Home Office] which is responsible for the security of the information.

"The Data Protection Act clearly states that organisations must take appropriate measures to ensure that personal information is kept secure.

"The Home Office recognises the seriousness of this data loss and has agreed to take immediate remedial action. It has also agreed to conduct future audits to ensure compliance with the Act."

Nov 2007: 25m people's child benefit details, held on two discs
Dec 2007: 7,685 Northern Ireland drivers' details
Dec 2007: 3m learner drivers' details lost in US
Jan 2008: 600,000 people's details lost on Navy officer's stolen laptop
June 2008: Six laptops holding 20,000 patients' details stolen from hospital
July 2008: MoD reveals 658 laptops stolen in four years

PA Consulting had a 1.5 million contract with the department terminated following the data loss. But it is still heavily involved in the department's ID card scheme.

A government spokesman said: "The Home Office is committed to keeping information we hold safe and secure.

"We have made good progress to improve data security and we will continue to work closely with the Information Commissioner's Office to ensure that our systems are as robust as possible."

PA Consulting, which lost the memory stick from within its own offices in Victoria, central London, apologised for the loss of data at the time and said it had accepted its "responsibilities".

Home Secretary Jacqui Smith said last September that all contracts signed by the government with private companies would be checked to ensure they were "appropriate".

The memory stick also contained details of about 10,000 persistent offenders, and 33,000 records from the police national computer.

The loss led to fears that prisoners would attempt to claim compensation but Ms Smith reassured MPs that "appropriate measures are in place for individuals seeking information about the data held on them".

The Government has been criticised in recent times for some high-profile data loss cases.

In November 2007, two computer discs holding the personal details of all families in the UK with a child under 16 went missing, while in July 2008, the Ministry of Defence revealed that 658 laptops had been stolen in four years.

Print Sponsor

Data loss firm contract axed
10 Sep 08 |  UK Politics
Firm 'broke rules' over data loss
22 Aug 08 |  UK Politics
When financial data goes missing
26 Aug 08 |  Business
Extent of data losses is revealed
19 Aug 08 |  UK Politics
Discs loss 'entirely avoidable'
25 Jun 08 |  UK Politics
Tougher data rules for Whitehall
25 Jun 08 |  UK Politics

The BBC is not responsible for the content of external internet sites

Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit


Americas Africa Europe Middle East South Asia Asia Pacific