Advertisement
Promo

Security threats Toolkit

Data Breaches

Worker suspended over loss of prisoner data

David Meyer ZDNet.co.uk

Published: 22 Aug 2008 12:40 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

A staff member at PA Consulting Group has been suspended after the contractor lost details on all prisoners in England and Wales, along with those of tens of thousands of offenders.

The data was being held, unencrypted, on a memory stick for processing purposes, the Home Office said in a Friday statement, saying that precisely how that stick was lost is now the subject of an internal investigation. A Home Office spokesperson told ZDNet.co.uk that PA Consulting had been "appointed by the Home Office in June 2007 to provide application support for tracking prolific and other priority offenders through the criminal justice system".

Following the discovery of the loss, the Home Office has suspended the transfer of data from the same assignment to PA Consulting. The government department is investigating PA Consulting's contractual obligations, the spokesperson said. In addition, a "member of [PA Consulting's] staff has been suspended", the Home Office spokesperson confirmed.

A spokesperson for PA Consulting would say only that the London-based firm was "collaborating closely with the Home Office on this matter". The contractor also undertakes other work for the Home Office, including providing biometric systems. The firm also has a logistics research contract with the Ministry of Defence, and provides web design for the Foreign and Commonwealth Office.

According to the Home Office statement, the lost memory stick carried "data from the Police National Computer, containing personal information about 33,000 individuals with six or more recordable convictions in the last 12 months (names, addresses and dates of birth); data relating to [approximately 10,000] prolific and other priority offenders (names and dates of birth, but not addresses); data relating to all [84,000] prisoners in England and Wales (names, dates of birth and, in some cases, expected prison release date and date of Home Detention Curfew); and Drug Interventions Programme data, with offenders' initials but not full names".

The police and the Information Commissioner's Office (ICO) have been informed of the breach. Deputy information commissioner David Smith said in a statement that it is "deeply worrying that, after a number of major data losses and the publication of two government reports on high-profile breaches of the Data Protection Act, more personal information has been reported lost".

"The data loss by a Home Office contractor demonstrates that personal information can be a toxic liability if it is not handled properly, and reinforces the need for data protection to be taken seriously at all levels," Smith said. "It is vital that sensitive information, such as prisoner records, is held securely at all times."

Read this

Feature
Protect your mobile devices in any location

Forget the recent hype about about Chinese hackers — users and organisations should be securing mobile systems as a matter of course, so follow these tips to find out how

Read more +

The ICO said it is awaiting a report following the Home Office's internal investigation, and will then decide on further action.

Security companies were quick to offer their thoughts on the data loss. Andrew Clarke, a senior vice president at Lumension Security, called on the government to institute "device-control policies… that enforce assigned permissions to individuals and devices".

"It is about putting the eyes of the management team on people's PCs. After all, if people know they are being watched, they are more likely to think again," Clarke added.

F5 Networks' security technology sales manager, Bill Beverley, said in a statement that public bodies should have similar security controls to those imposed on the financial sector. "Guidance measures, such as the [Payment Cards Industry] directive… are successful because they... provide effective and comprehensive methodology to protect data and... they are enforced," he said, adding that such controls would bring about a dramatic reduction in the incidence of data loss in the public sector.

The UK public sector has suffered numerous data breaches over the last year, the most notable being the loss of 25 million child-benefit claimant details by HM Revenue & Customs in November 2007. This month, the Foreign and Commonwealth Office reported five data breaches since 2007, and the Ministry of Justice reported nine incidents, affecting 45,000 people.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON
Data Breaches

Did you find this article useful?
13 out of 13 people found this useful


In association with Network Liberation Movement

Talkback

Post a comment


Full Talkback thread

3 comments

  1. It could be worse dgerard
  2. How times change. Yellowcave
  3. Punishment & Deterrent 1000215420

Related Links

More in this Special Report

The top five internal security threats

The top five internal security threats

It's widely known that internal staff are the biggest threat to IT security, but what specifically should an employer watch out for? more

Keeping mobile data from going walkabout

Keeping mobile data from going walkabout

Mobile email is no longer the preserve of upper management but providing access to company information on the go has its risks more

Lib Dems call for data guardians

Lib Dems call for data guardians

The Liberal Democrats are seeking the introduction of data guardians into the public and private sector, to protect citizens' information rights more

Worker suspended over loss of prisoner data

Worker suspended over loss of prisoner data

An employee at Home Office contractor PA Consulting has been suspended after the loss of a memory stick holding the unencrypted details of every prisoner in England and Wales more

Ministry of Justice reports nine data breaches

Ministry of Justice reports nine data breaches

The ministry reported the data breaches, affecting around 45,000 people, to the Information Commissioner's Office in the last financial year more

Foreign Office reports five data breaches since 2007

Foreign Office reports five data breaches since 2007

The data breaches at the Foreign and Commonwealth Office are thought to have affected less than 188 people in total more

ICO: Gov't ignoring data-sharing hazards

ICO: Gov't ignoring data-sharing hazards

The government is blindly pursuing data-sharing plans without heeding the potential pitfalls, information commissioner Richard Thomas has claimed more

Lords presses government for data-breach law

Lords presses government for data-breach law

The House of Lords has again urged the government to introduce a data-breach notification law, adding that banks should be liable for e-fraud losses more

Video: Get the most out of your data

Video: Get the most out of your data

How do companies deal with information management? Jonathan Steel, CEO of tech-research firm The Bathwick Group, gives insights based on a recent ZDNet.co.uk benchmark survey more

Justice minister urges overhaul of gov't data handling

Justice minister urges overhaul of gov't data handling

Michael Wills has called for the government to handle data transactions as carefully as financial transactions more

MoD announces data-protection action plan

MoD announces data-protection action plan

The ministry has published a plan of how it intends to meet 51 data-policy recommendations made as part of review into the loss of MoD laptops more

Systemic failure blamed for HMRC data loss

Systemic failure blamed for HMRC data loss

Two reports have found the loss by HMRC of 25 million child-benefit claimant details was 'entirely avoidable' more

Featured Oracle Resources

Human Resources Management eBook

Supply Chain Management eBook

Design and Innovation Report

Economist Intelligence Unit Report - Technology and growth at mid-sized companies

See All White Papers

Company/Topic Alerts

Create a new alert from the list below:






Related Jobs

BA - Website - Public Sector - London - 330

Senior Internal Auditor - Public Sector

IT Public Sector Sales Exec London to 90K

Related BlackBerry Resources

Human Resources Management eBook

Supply Chain Management eBook

Design and Innovation Report

Economist Intelligence Unit Report - Technology and growth at mid-sized companies

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Climate research centre compromised

One of the UK's leading climate change research centres has had a security breach. The Climate Research Unit at the University of East Anglia (UEA) suffered a compromise of information,... More

1 comment

Government web-monitoring plans on hol...

Government plans to compel ISPs to process and store details of all web communications have been put on hold until after the next election. The Home Office told ZDNet UK on Wednesday... More

1 comment

Watchdog reveals illegal sale of phone...

The Information Commissioner's Office is preparing a prosecution file against a mobile operator's employees who allegedly sold on thousands of customers' details to a competitor. The... More

1 comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters