The UK Information Commissioner’s Office (ICO) has served a £180,000 penalty on the Ministry of Justice following the loss of an unencrypted back-up hard drive at HMP Erlestoke prison in Wiltshire in May 2013. The hard drive contained sensitive and confidential information about 2,935 prisoners, including details of links to organised crime, health information, history of drug misuse and material about victims and visitors. The incident followed a similar case in October 2011, when the ICO was alerted to the loss of another unencrypted hard drive containing the details of 16,000 prisoners serving time at HMP High Down prison in Surrey.
In response to the first incident, in May 2012 the prison service provided new hard drives to all 75 prisons across England and Wales still using back-up hard drives in this way. These devices were able to encrypt the information stored on them. But the ICO’s investigation into the latest incident found that the prison service didn’t realize that the encryption option needed to be turned on to work correctly.