Home Office guilty of breaching Data Protection
By Ian Dunt
The Home Office has been found to have breached the Data Protection Act when it lost a USB stick holding the details of thousands of convictions last year.
The Information Commissioner’s Office (ICO), which rules on the case, has forced the Home Office to sign a formal declaration promising to hold personal data securely in the future.
With immediate effect, all portable and mobile devices which are used to store and transmit personal information must be encrypted.
The case in question occurred in August 2008, when a Home Office contractor, PA Consulting lost an unencrypted memory stick holding sensitive personal details of thousands of people serving custodial sentences or who had previously been convicted of criminal offences.
Mick Gorrill, assistant information commissioner, said: “This case was serious because it involved thousands of individual records.
“This breach illustrates that even though a contractor lost the data, it is the data controller (the Home Office) which is responsible for the security of the information. It is vital that sensitive personal information is handled properly and held securely at all times.”
The ruling immediately led opposition parties to call for resignations in the face of regular data losses by the government
Liberal Democrat home affairs spokesman Chris Huhne said: “A formal undertaking to improve procedures is all very well, but institutionalised disregard for our personal data continues to worsen.
“Heads must roll if the slapdash culture is to end.”
The news follows a damning indictment of MoD security procedures by a committee of MPs earlier in the year.