The Information Commissioners Office (ICO) have fined the Ministry of Justice (MoJ) £140k due to a clerical error which led to the personal details of 1,000 prisoners being leaked via email to three of the inmates’ families.
The error was only discovered after one of the recipients contacted the prison.
An email sent by a prison clerk about an upcoming visit had apparently included a file containing the inmates’ details. “The file included a spreadsheet containing sensitive information including the names, ethnicity, addresses, sentence length, release dates and coded details of the offences carried out by all of the prison’s 1,182 inmates,” the ICO reports.
The report of this error sparked an internal investigation which led the ICO to discover that the same error had occurred twice before. All three security breaches had been carried out by the same untrained member of staff.
The ICO’s investigation blamed these errors on a “clear lack of management oversight at the prison, with the clerk working unsupervised despite only having worked at the prison for two months and having limited experience and training.”
The investigation also flagged up various other security issues including unencrypted floppy disks regularly used to transfer large volumes of data between the prison’s two separate networks.