Prison staff data fiasco leads to call for tighter internal security

Security experts and trade unions have urged employers to step up efforts to stop rogue employees stealing staff information, in the wake of the loss of data on 5,000 prison workers.

Global IT-provider Electronic Data Systems (EDS), which is also responsible for the UK’s national identity card scheme, admitted losing a computer drive with employee files belonging to the National Offender Management Service in England and Wales.

The storage device was last seen in July 2007, but the Ministry of Justice and the Prison Officers Association (POA) were only informed of the loss in early September.

It is not known how the files were lost in this case. But Greg Day, security analyst at software security specialist McAfee, told Personnel Today that such losses were often down to business insiders rather than external hackers.

“Employers need to have more controls in place because often it comes down to poor practice and human error,” Day said.

Alan Bentley, vice-president for the EMEA region at security company Lumension Security, said it was up to employers to protect data – even from staff.

“They need to ensure they are protecting their information at all exit points in the workplace, regardless of the trust levels,” he said.

The POA threatened to strike over the incident, which it claimed could put it’s members lives at risk.

“I hope that the government would also terminate the contract with EDS immediately following its deliberate act of withholding information and placing at risk thousands of prison staff,” added Brian Caton, the union’s general secretary.

Comments are closed.