Minsters are squirming this morning after the details of 84,000 prisoners in England and Wales were lost.
The data was supplied by the Home Office to contractor PA Consulting but was transferred, unencrypted to a memory stick and subsequently lost.
The Information Commissioner's Office has described the loss as "deeply worrying". "Searching questions must be answered about what safeguards were in place,” said David Smith, deputy commissioner at the ICO.
The missing memory stick includes unencrypted details about 10,000 prolific offenders and data on all 84,000 prisoners in England and Wales.
PA Consulting told the Home Office on Monday that it feared it might have lost the data and confirmed the next day that it could not locate the memory stick. NO more data will be transferred to PA Consulting during the investigation into the loss, the Home Office said.
Philip Wicks a security expert at IT services firm Morse said, “This case highlights the fact that it isn’t just laptops that you need to secure to protect against data loss in the event of them being lost or stolen.
"Organisations need to ensure they have controls in place to protect the data on memory sticks, and other removable storage devices such as iPods and discs, so that if they are lost and end up in the hands of criminals the data can’t be used for unscrupulous purposes."
Wicks said that there seemed to be “a culture of letting anyone download anything onto a memory stick.”
He called for a reversal of this approach so that downloading was forbidden, unless people who absolutely needed data on portable media could demonstrate that the information would be held securely. “If this is done, data security will be vastly improved,” he said.
PA Consulting has not so far commented on the data loss.
Find your next job with computerworld UK jobs