Legal Updates - Penalty for MoJ

Data Protection – Monetary Penalty – Ministry of Justice – Data Protection Act 1998 – Breach – Sensitive Personal Data

The Information Commissioner’s Office (“ICO”) recently imposed a monetary penalty of £140,000 on the Ministry of Justice for a serious breach of the Data Protection Act 1998 (“DPA”).

The breach resulted in the details of all of the inmates at HMP Cardiff being emailed to three of the prisoners’ families. The details were contained in the form of a spreadsheet and included names, addresses, length or prison sentence, release dates and details of the offences carried out by each prisoner. It also included personal sensitive data such as the prisoners’ ethnicities. 

Following an investigation, it was found that the same error had occurred twice in the previous month. However, they had not been picked up as the recipients had not alerted the prison to the mistake.

The ICO’s investigation revealed “a clear lack of management oversight at the prison”.

Further details on this can be found at the ICO’s website.

How can we help?

Whether you are a start up or an established business, RT Coopers can assist you in meeting your obligations under the Data Protection Act. We conduct audits on your operations in order to determine any non-compliance. Once these are identified, we would advise you on the remedial measures you should put in place.

You may contact us by email [email protected]. Visit http://www.rtcoopers.com/practice_dataprotection.php

© RT COOPERS, 2013. This Briefing Note does not provide a comprehensive or complete statement of the law relating to the issues discussed nor does it constitute legal advice. It is intended only to highlight general issues. Specialist legal advice should always be sought in relation to particular circumstances.