A contractor working for the Home Office has lost an un-encrypted memory stick containing 130,000 personal records relating to criminals in England and Wales.
The data included names, addresses and dates of birth for 33,000 individuals with six or more recordable convictions in the past 12 months.
The names and dates of birth of 10,000 prolific and priority offenders, and the names, dates of birth and in some cases prison release data for 84,000 prisoners were also on the memory stick
The incident is the latest in a string of data losses by government departments.
Soctland Yard has been called in to establish how the memory stick, which contained data from J-Track, a cross-government system for monitoring offenders (see box), went missing.
PA Consulting, a contractor working for the Home Office, informed the government it had lost the memory stick containing the data from the Police National Computer on Monday. A staff member of PA Consulting has been suspended pending investigation into the loss.
The Home Office said it was investigating the contractual obligations of PA Consulting.
David Smith, deputy commissioner for the Information Commissioner's Office, said that "searching questions" needed to be asked over the safeguards surrounding the data.
"It is deeply worrying that after a number of major data losses and the publication of two government reports on high-profile breaches of the Data Protection Act, more personal information has been reported lost," he said
"The data loss by a Home Office contractor demonstrates that personal information can be a toxic liability if it is not handled properly and reinforces the need for data protection to be taken seriously at all levels. It is vital that sensitive information, such as prisoner records, is held securely at all times."
Officers from Scotland Yard's Specialist and Economic Crime Command were in discussions with PA yesterday over the circumstances surrounding the loss.
"We can confirm that this morning the Met was asked to provide assistance to PA Consulting to review the circumstances of the loss of data on a pen drive by a member of their staff, this data being provided to them by the Home Office as part of contracted work," said a Metropolitan police spokesman
Commenting on the data loss, Liberal Democrat Leader Nick Clegg said: "Charlie Chaplin could do a better job running the Home Office than this Labour government.
"The government will no doubt seek to blame private contractors, but the rash of data losses over the past two years confirms that there is something much more worrying at stake: this government cannot keep any information safe," he said.
Philip Wicks, a security expert at IT services firm Morse said, "This case highlights the fact that organisations need to ensure they have controls in place to protect data on all removable storage devices."
He said policies and procedures should be put in place, as well as technology controls that either stop people from being able to download data on to these devices or to ensure the data is encrypted.
The data loss is the latest in a string of data losses by government, which the BBC this week reported included the personal details of about four million citizens so far this year.
"The Home Office has informed us that an internal investigation is being carried out into the data security arrangements between the Home Office and its contractor, PA Consulting. We expect the Home Office to provide us at the Information Commissioner's Office with a copy of the report and its findings. We will then decide what further action may be appropriate," said Smith
PA Consulting said it was co-operating with the Home Office investigation into the matter and had no further comment at this time.
|The prison service's J-Track system is a web application which helps police officers track and rehabilitate prolific offenders.
The Home Office has been working closely with PA Consulting, the company that lost the memory stick, to develop the system. The company was awarded a three-year contract in June 2007.
The database contains information from the Prison Service and the Crown Prosecution Service. It is available via the Criminal Justice Extranet (CJX), a secure network for criminal justice staff, and work is underway to make it available through the Government Secure Intranet (GSI).
Prison, probation and court officers will all have access to J-Track through the GSI, along with the police officers and CPS staff who currently use it.
The system aims to identify offenders posing the greatest threat to communities. Police, prison and probation officers use it to track the movements of prolific offenders, and to help with their rehabilitation.
The project is used to support the Prolific and Other Priority Offenders strategy (PPO).
The details of all prolific offenders are entered onto the J-Track system. It gives officers access to updated information on court cases, and information on offenders' movements through the prison system.
- CW's Toby Stevens' Privacy, Identity & Consent Blog: Quis custodiet ipsos custodes?
- CW's David Lacey's Security Blog: Achieving a security culture change
- CW's Stuart King's Risk Management Blog: Lost USB stick with sensitive Home Office data
- Our Security Blog Award Winner - View from the Bunker: Lost Data - Pay Compensation?!?!