A government contractor has lost a memory stick with personal data on 84,000 prisoners. It’s the latest in a string of major data losses the government has suffered in the past six months.
Jacqui Smith, the minister responsible for the prison system, has already blamed the contractor for breaching rules which forbid the downloading of such data. The stick contained the names, dates of birth and addresses of every serving prisoner in England and Wales, along with some release dates. The details were not encrypted.
There is already speculation that prisoners could bring legal action for breach of privacy. Some could even sue for the costs of relocating if the leak of their home addresses exposed them to harassment.
The firm concerned, PA Consulting, was given the data as part of a project to track offenders through the entire criminal system. It’s particularly politically embarrassing for the public as the firm is among those helping develop the proposed national ID card scheme.
Data loss has been under a bright spotlight in Britain since last November when two CDs containing details of all 7.5 million families who receive child benefit (a government payment to all parents) went missing. Despite the discs containing national insurance numbers (equivalent to social security numbers) and bank details, a staff member at the government department concerned sent the unencrypted discs through a private courier service.
Later losses included a hard drive with contact details for everyone taking a driving test nationwide, a laptop with bank account, national insurance and passport numbers for 600,000 armed forces applicants, and a paper file with classified reports on Iraq’s security forces and Al-Qaeda.
In some ways, you could argue the problem has been overstated: since the child benefit incident, even the smallest cases of data loss are getting massive attention. But with the defence department alone admitting to losing 121 memory sticks and 747 laptops in the past four years, it’s clearly time the government tightened up its policies on controlling and encrypting confidential data.