The Government and Information Commissioner’s Office have confirmed that they are investigating the loss of three independent inquiry notes.
Relating to the Azelle Rodney Inquiry, the Robert Hamill Inquiry and the Mark Duggan Inquest. Documents of all three have been completed, although the Hamill Inquiry has yet to publish its report.
A Government statement said that there is no evidence to indicate that the information loss arose from malicious intent, but it is essential to take the most precautionary view and to take all necessary steps to safeguard the interests of anyone whose information could be disclosed.
“Government officials became aware on 8th January that two discs containing documents relating to these inquiries were missing, having been dispatched by post,” it said. “Immediate steps were taken, including intensive searches to locate the discs. These searches continue, with police assistance. The discs have not, as yet, been found.”
As well as safeguarding individuals’ interests, the Government also said that it has undertaken “urgent investigations” into how this incident was able to happen, and further investigations continue in relation to both the conduct of individuals and the organisational safeguards against information security breaches of this kind.
So far one member of staff has been suspended to facilitate the investigation and an independent review has been commissioned to look at all the circumstances of this loss and identify lessons learned.
“The Government will continue to work closely with the Information Commissioner, and will welcome any investigation that his office may wish to undertake,” it said.
A spokeswoman for the Information Commissioner’s Office told IT Security Guru: “We have recently been made aware of a possible data breach involving the Ministry of Justice.
“We will be making enquiries into the circumstances of the alleged breach before deciding what action, if any, needs to be taken.”
Stephen Midgley, vice president, global Marketing at Absolute Software, said: “Not only could this loss of information be detrimental to judicial proceedings, but it could result in the public trusting the Government even less when it comes to the handling of their data.
“Throughout the Government there has been a renewed interest in digital first strategies, which means more devices being used more regularly. For example the police are beginning to use mobile devices and tablets to collate witness statements, an initiative that will undoubtedly save hours of paper work and back office admin.
“With cost cutting measures happening throughout the public sector it is important that technology is embraced to future proof services and keep costs down. However if the Government cannot even look after critical information on a disc then it needs to think about how it can manage data on a multitude of devices.
“Public sector departments don’t have a great track record when it comes to data protection, and the government is going to have to work extremely hard to regain and retain public trust, as well as avoiding hefty fines from the ICO. In order to stand the best chance, public sector bodies will need to demonstrate three things; a data security policy that is clear and accessible; data security training across the board that is relevant and understandable; and proper data protection software in place.”
Stuart Poole-Robb, chief executive and founder of business intelligence and cyber security adviser KCS Group Europe, said: “Often, the transfer of data between Government-run facilities is outsourced to facilities management companies with little knowledge of cyber security. If the data were being transferred between police stations, it is a distinct possibility that this highly sensitive data was not even encrypted.”22
