The Information Commissioner’s Office (ICO) has found the Home Office in breach of the Data Protection Act after a contractor, PA Consulting, lost an unencrypted memory stick holding sensitive personal details of thousands of individuals in August 2008.
Details lost included information about individuals serving custodial sentences and those who had previously been convicted of criminal offences.
The ICO has required the Home Office to sign a formal Undertaking outlining that the Department will process personal information securely in future. The Undertaking has been signed on behalf of the Home Office by Sir David Normington, the Permanent Secretary.
Mick Gorrill, Assistant Information Commissioner at the ICO, said: “We are investigating a number of the most serious reported data breaches. This case was serious because it involved thousands of individual records, which contained sensitive information on people serving custodial sentences and others previously convicted of criminal offences. This breach illustrates that even though a contractor lost the data, it is the data controller (the Home Office) which is responsible for the security of the information. It is vital that sensitive personal information is handled properly and held securely at all times.
“The Data Protection Act clearly states that organisations must take appropriate measures to ensure that personal information is kept secure.
www.ico.gov.uk
Visit the Fuse Learning website at: www.fuselearning.co.uk
You must log in to post a comment.