Prisoner data loss firm contract axed

The government has sacked the firm blamed for losing the details of thousands of criminals held on a computer memory stick, after an inquiry.

Share

The government has sacked the firm blamed for losing the details of thousands of criminals held on a computer memory stick, after an inquiry.

Home Secretary Jacqui Smith said PA Consulting has had its three year, £1.5 million contract terminated, after the firm lost the details of 84,000 prisoners in England and Wales on an unencrypted memory stick.

The Home Office is also reviewing its other contracts with PA Consulting, reportedly worth £8 million a year, while the Cabinet Office has begun a wider review into the way that private companies handled the public's personal information.

Smith said sensitive information relating to the JTrack prisoner system – an operational system set up to track and monitor prolific and priority offenders - was transferred securely to the firm. But the data, relating to criminals, was then transferred onto an unencrypted memory stick by a PA Consulting employee. The loss of this memory stick was reported to the Home Office on 19 August.

The missing stick contained details on 10,000 prolific offenders as well as names, dates of births and some release date of all 84,000 prisoners in England and Wales - and 33,000 records from the police national computer.

This was a "clear breach" of its contract covering security and data handling, said Smith in a statement.

"This data was not handled securely by a PA employee on their premises," she said.

JTrack monitors around 10,000 to 11,000 offenders across England and Wales. The system has around 2,500 users who all work within the criminal justice system. PA Consulting was contracted to provide the hardware, software and system support for JTrack.

The Home Office and the National Policing Improvement Agency (NPIA) regularly transferred data to PA Consulting "via encrypted CD-ROMs from NPIA and by secure email from the Home Office" the statement said.

"Our contract had stipulated the sort of security provisions that needed to be in place and that had not happened," added the home secretary.

"Our investigation has demonstrated that while the information was transmitted in an appropriately secure way to PA Consulting and fed to a secure site, it was subsequently downloaded on to an insecure data stick and that data stick was then lost."

PA Consulting said: "The loss of data on this project was caused by human failure, a single employee was in breach of PA's well established information security processes. We deeply regret this human failure and apologise unreservedly to the Home Office."

The firm has “conducted an examination of every one of our government and private sector projects that handle personal, sensitive or protectively marked material against recognised best practice and government-approved processes.

"Our review has confirmed that, apart from in this isolated incident, we are fully compliant with robust policies and procedures and are achieving high levels of information assurance across all of our work. In addition, several government departments have carried out their own extensive audits of PA projects and in all cases have found them to be fully compliant.”

PA Consulting added that “the challenge of managing necessary confidential information held by government, and in particular of eliminating human error, is industry-wide. We are engaged in dialogue with our clients and competitors to address, and find solutions to, this challenge.”

Find your next job with computerworld UK jobs