UK justice agency loses 45,000 personal records
The U.K. Ministry of Justice has lost the personal details of 45,000 people, in a string of incidents over the past year.
Data was lost in at least nine separate incidents in the past financial year, it was revealed in the MoJ's annual accounts. Some 30,000 of affected people were not notified, and in the largest incidents neither were the police.
The full extent of the data loss is not known, and the MoJ alluded there could be more incidents the government has not disclosed. The department said some breaches, in which disclosure would in itself cause harm, "may be excluded" from the list. In fact, police were only notified about six of the nine incidents.
In the largest incident at the Ministry of Justice, which took place in June last year, the name, address and some bank details of 27,000 supplier staff were lost through the "unauthorised disclosure of inadequately protected electronic storage devices." Neither the people affected nor the police were informed of the incident, the MoJ said in its resource accounts.
On another occasion in November 2007, the names, addresses and dates of birth of 3,648 alleged criminals, on paper, were lost from outside government buildings. Again, no-one was notified.
Two months later, officials lost the details of 14,000 late fine payers were lost from an "inadequately protected laptop" that was within government premises. In this incident, the police were notified, while the people whose details were lost were not.
Of the remaining six smaller incidents, two involved laptops, three involved paper records and one was the result of the loss of electronic storage devices. The MoJ only notified police about five of these events and the people in only three of those incidents.
A spokesperson at the Ministry of Justice said: "The government takes the protection of personal data extremely seriously and we are committed to ensuring that information is shared in a safe and secure way. Whilst any loss of data is regrettable all MoJ incidents have been reported and the necessary action taken. No major breaches have occurred.
"A dedicated information assurance program has been established for the coming year to address information risks and inspire public trust and confidence."
The news comes only months after the Cabinet Office imposed tough data security sanctions on Whitehall, and the government made a pledge to report regularly on its handling of information.
Last week, the Home Office revealed it had lost the records of 3,000 seasonal agricultural workers on two unencrypted CDs. In November last year, HM Revenue and Customs lost the details of 25 million families, also on unencrypted CDs.
» posted by ITworld staff
Computerworld UK
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
physical security
Powered by Twitter
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
