The Ministry of Justice has lost the personal details of 45,000 people, in a string of incidents over the past year.
Data was lost in at least nine separate incidents in the past financial year, it was revealed in the MoJ's annual accounts. Some 30,000 of affected people were not notified, and in the largest incidents neither were the police.
The full extent of the data loss is not known, and the MoJ alluded there could be more incidents the government has not disclosed. The department said some breaches, in which disclosure would in itself cause harm, “may be excluded” from the list. In fact, police were only notified about six of the nine incidents.
In the largest incident at the Ministry of Justice, which took place in June last year, the name, address and some bank details of 27,000 supplier staff were lost through the “unauthorised disclosure of inadequately protected electronic storage devices”. Neither the people affected nor the police were informed of the incident, the MoJ said in its resource accounts.
On another occasion in November 2007, the names, addresses and dates of birth of 3,648 alleged criminals, on paper, were lost from outside government buildings. Again, no-one was notified.
Two months later, officials lost the details of 14,000 late fine payers were lost from an “inadequately protected laptop” that was within government premises. In this incident, the police were notified, while the people whose details were lost were not.
Of the remaining six smaller incidents, two involved laptops, three involved paper records and one was the result of the loss of electronic storage devices. The MoJ only notified police about five of these events and the people in only three of those incidents.
A spokesperson at the Ministry of Justice said: “The government takes the protection of personal data extremely seriously and we are committed to ensuring that information is shared in a safe and secure way. Whilst any loss of data is regrettable all MoJ incidents have been reported and the necessary action taken. No major breaches have occurred.
“A dedicated information assurance programme has been established for the coming year to address information risks and inspire public trust and confidence.”
The news comes only months after the Cabinet Office imposed tough data security sanctions on Whitehall, and the government made a pledge to report regularly on its handling of information.
Last week, the Home Office revealed it had lost the records of 3,000 seasonal agricultural workers on two unencrypted CDs. In November last year, HM Revenue and Customs lost the details of 25 million families, also on unencrypted CDs.