MoJ fined for prisoner data leak

The Ministry of Justice is to be fined £140,000 by the data watchdog after the personal details of all 1,182 prisoners at a jail were mistakenly emailed to inmates' families.

MoJ 'took immediate steps to recover data' leaked

The personal details of all 1,182 prisoners at a jail were mistakenly emailed to inmates' families. Credit: PA Wire

A Ministry of Justice spokesman said: "We treat the security of information very seriously and took immediate steps to recover the data as soon as the loss was reported to ensure that it went no further.

"These types of incidents are extremely rare but this does not mean that we are complacent.

"A thorough investigation was held by the prison who immediately altered their procedures, and further changes were implemented across the prison estate."

Ministry of Justice fined over 'serious data breach'

The potential damage and distress that could have been caused by this serious data breach is obvious.

Disclosing this information not only had the potential to put the prisoners at risk, but also risked the welfare of their families through the release of their home addresses.

Fortunately it appears that the fall-out from this breach was contained, but we cannot ignore the fact that this breach was caused by a clear lack of management oversight of a relatively new member of staff.

Furthermore the prison service failed to have procedures in place to spot the original mistakes.

It is only due to the honesty of a member of the public that the disclosures were uncovered as early as they were and that it was still possible to contain the breach.

– ICO Deputy Commissioner and director of data protection David Smith

Advertisement

Ministry of Justice fined over prisoner data gaffe

The Ministry of Justice is to be fined £140,000 by the data watchdog after the personal details of all 1,182 prisoners at a jail were mistakenly emailed to inmates' families.

A spreadsheet containing sensitive information including names, ethnicity, addresses, sentence length, release dates and details of the offences by all inmates at HMP Cardiff was sent to three families, the Information Commissioner's Office (ICO) said.

The personal details of all 1,182 prisoners at a jail were mistakenly emailed to inmates' families. Credit: PA Wire

The breach was only discovered when one of the recipients contacted the prison on August 2, 2011 to report they had received an email from the prison clerk about an upcoming visit, which included the file.

The ICO found there was a clear lack of management oversight at the prison, with the clerk working unsupervised despite only having worked at the prison for two months and having limited experience and training.