Categories
Electronic Document Management

MoJ incident shows importance of getting data security right

The Information Commissioner’s Office has fined the Ministry of Justice for a data breach.

Despite a plethora of knowledge about the importance of data security being published in the media, many organisations still do not seem to be getting it right and applying the IT security measures necessary to protect sensitive information.

This fact was clearly illustrated by an embarrassing incident for the Ministry of Justice, which came to light as a result of a fine by the Information Commissioner’s Office (ICO) this week.

In August 2011, the ministry accidentally emailed the details of more than 1,000 inmates at Cardiff Prison to three prisoners’ families, including a spreadsheet mentioning names, addresses, release dates and codes relating to the offences committed.

The blunder was only discovered when one of the recipients of the emails raised the alarm. Police then had to go to the houses of each one to ensure the files had been deleted.

An investigation by the ICO found there had been a clear lack of management oversight at the prison and that the clerk tasked with sending out correspondence had only been in the role for two months.

There were also problems with data transfer, as the investigation discovered unencrypted discs were being used to move large volumes of information between two networks.

A Ministry of Justice spokesperson said measures had been taken immediately to change procedures and make sensitive information safer.

"These types of incidents are extremely rare but this does not mean that we are complacent," they added.

However, the ICO issued a £140,000 for the breach and the potential damage and distress that could have been caused. 

The errors are likely to be especially embarrassing for those involved, as the Ministry of Justice is responsible for overseeing data protection issues.

It comes after information security expert Jon McCoy said an interview with in Computer Weekly that companies failing to address their data management needs upfront risk losing money because they have to address incidents one by one.

Organisations struggling with what they need to do could consider a third-party electronic document management solution to save them having to handle information security in house.