ICO ISSUES MINISTRY OF JUSTICE WITH REPRIMAND

Publishing Date: May 25, 2023

Datacentres for better security

Share this news

The ICO has issued a formal reprimand to the Ministry of Justice (MoJ) after confidential waste documents were left in an unsecured prison holding area.

Prisoners and staff had access to the 14 bags of confidential documents, which included medical and security vetting details, for a period of 18 days.

During this time staff challenged prisoners who were openly reading the documents, but did nothing proactive to ensure the personal information was secured. At least 44 people had access to the information, which had remained on site as a contracted shredder waste removal company had not collected as scheduled.

The ICO investigation uncovered a lack of robust policies at the prison including:

  • no pre-agreed areas for staff to leave confidential waste in a secure place;
  • staff being unaware of the need to shred information or the risks of allowing prisoners access to non-shredded confidential documents;
  • inaccurate records of the number of staff who had completed data protection training; and
  • a general lack of staff understanding of the risks to personal data and the need to report data breaches.

Everyone has the right to expect their personal details will be kept secure and this includes in a prison environment, where exposure of personal information could potentially have serious consequences.

Whether documents are consigned to waste or not, they must be handled securely and responsibly and we expect both the prison and the MoJ to continue to take steps to improve practices to ensure people are protected.

– Steve Eckersley, ICO Director of Investigations

The reprimand details a number of required or recommended actions including:

  • a thorough review of all data protection policies, procedures and guidance to ensure they are adequate and up to date with legislation; and
  • the creation of a separate data breach reporting policy for staff.

The MoJ is also required to provide the ICO with a progress report by the end of October 2023.

This is the 45th reprimand now published on the website, detailing how the work of the ICO is making sure people’s information rights are protected. Previous examples include ensuring:

  • a review led to a new policy being introduced at an NHS Trust which stopped the standard practice of sending out group emails, significantly reducing the risk of emails being sent to the wrong person;
  • the implementation of improved technical measures at an independent advisory body to better guard against future attempts of unlawful access to the IT systems;
  • people’s subject access requests made to a government department are actioned within the statutory timescale;
  • procedures were reviewed and updated at a local council to prevent disclosure of personal details to opposing parties in child protection legal proceedings; and
  • a decommissioning policy was implemented and adhered to at an NHS hospital, to make sure that personal details would not be lost when a filing system was terminated.

***END***

Disclaimer:  DATACENTRE.ME may not be held responsible or liable for the content or details within this news article.

For further information, please refer to the full details of this article via the original source here.

Share this news

Other News

0 Comments