The Information Commissioner’s Office has called for data protection to be “taken seriously at all levels” after a Home Office contractor lost the details of 84,000 prisoners on an unencrypted memory stick.
The stick also contained details of a further 33,000 criminals with six or more convictions in the last year, and 10,000 prolific offenders.
PA Consulting, a management consultancy firm, confirmed to the government on Tuesday that it could not locate the memory stick. The Home Office is conducting an investigation into the loss and has said it will not give any more data to the firm during this process.
David Smith, deputy commissioner at the Information Commissioner’s Office, said: “It is deeply worrying that after a number of major data losses and the publication of two government reports on high profile breaches of the Data Protection Act, more personal information has been reported lost.
“The data loss by a Home Office contractor demonstrates that personal information can be a toxic liability if it is not handled properly and reinforces the need for data protection to be taken seriously at all levels. It is vital that sensitive information, such as prisoner records, is held securely at all times.”
Saying that “searching questions must be answered” on what the government had done to prevent this kind of data loss, Smith added that the ICO expects to see a copy of the Home Office’s internal investigation.
A spokesperson at the Home Office said the police had also been informed. The spokesperson added: "The data was held in a secure format on the contractor's site. It was downloaded onto a memory stick for processing purposes which has since been lost.”
PA Consulting said it was "collaborating closely with the government" in the investigation, but would not comment further.
In a report last month, Information Commissioner Richard Thomas said the government needed to strengthen data sharing rules, as well as taking steps to “clarify and simplify” the legislation.
But he said businesses also had to take responsibility around data sharing, because there was a “lack of transparency and accountability” in how many firms dealt with personal information.
Thomas also said he needed more effective powers and better resources. The government recently started a consultation into how the ICO could be granted greater powers to inspect organisations for compliance with the Data Protection Act, and how funding could be improved. In May, the ICO gained the power to fine firms for data breaches.