The Ministry of Justice (MoJ) has lost the personal
information of more than 2,000 people in the past year, according
to the department'sannual financial accountspublished last
week.
The most recent and biggest single data breach by the MoJ was
the loss of an unencrypted memory stick containing personal details
of employees in March this year.
In the second biggest breach in the past year, MoJ supplier
EDS lost a portable hard disc in September 2008. Initial
reports indicated that thousands of records had been lost, but the
MoJ said only 256 staff members were potentially affected.
These and two other incidents accounted for the loss of 1,849
records reported to the Information Commissioner's Office
(ICO).
The MoJ admitted to losing an additional 157 records in another
six minor data losses that "did not fall within the criteria" for
reporting to the ICO. These incidents involved the loss of
inadequately protected electronic equipment, devices or paper
documents, or the
unauthorised disclosure of data.
Although thousands of people are potentially
affected by the breaches, this marks a improvement on the MoJ's
performance the previous year.
In the annual accounts for the preceding year, the department
admitted to losing the personal details of 45,000 people in nine
separate incidents.
The MoJ said in a statement that the department takes the
protection of personal data extremely seriously and is committed to
ensuring that information is shared in a safe and secure way.
"Whilst any loss of data is regrettable, all Ministry of Justice
incidents have been reported and the necessary action taken," a
spokesman said.
The MoJ has set up a dedicated Information Assurance Programme
for the coming year to address information risks and inspire public
trust and confidence, he said.
"All staff have now undertaken mandatory training to raise their
awareness of the vital importance of data security," he said.