Confidential addresses of two people applying for non-molestation orders were disclosed to the respondents, the Ministry of Justice has revealed in its latest annual report.

The disclosures were two of 17 personal data incidents reported to the Information Commissioner’s Office in the 2021-22 financial year. 

The MoJ's report also reveals that an indictment folder from 1991, containing confidential information of court cases and attendees, was lost in transit between archival storage and the government department in June 2021. The incident potentially affected more than 100 people.

In the same month, the names of four youth defendants were disclosed on publicly available websites. A compromised Office 375 account was allowed access to personal data of current divorce proceedings and staff details – potentially affecting 1,400 people. 

Last October, a Covid status spreadsheet of staff and offenders was emailed to all staff within a prison, potentially affecting 1,800 people. 

In February, 11 bags of confidential waste containing offender and staff information, including health data, were stored in an unsecured location, which staff and offenders had access to. The incident potentially affected 120 people. 

The Ministry of Justice told the Gazette that the ICO took no further action in 16 of the 17 incidents reported. A decision is pending on the incident involving 11 bags of confidential waste.

'We handle million pieces of sensitive data safely and securely every year. While errors and data breaches are extremely rare, we take them very seriously and have introduced extra training and safeguards to ensure data is handled correctly,' an MoJ spokesperson said.

Meanwhile, a written parliamentary response has revealed a steady rise in the number of laptops and mobiles in the Ministry of Justice that were lost or stolen.

In 2018, 75 laptops and 76 mobiles were reported as unaccounted for due to being lost or stolen – figures that have steadily risen to 306 laptops and 334 mobiles in 2022.

The ministry told the Gazette that all breaches must be reported regardless of whether there is firm evidence of loss or just an inability to account for some devices. All laptops and removable media are encrypted. Mobile phones are deactivated once reported missing. The department added that the rise in lost and stolen mobile phones coincides with the deployment of thousands of additional secure handsets to offenders on probation during and since the pandemic.

 

This article is now closed for comment.