The Ministry of Justice has been fined £140,000 by the Information Commissioner’s Office (ICO) after details of every prisoner serving at HMP Cardiff were emailed to three of the inmates’ families.
The file included a spreadsheet containing information of the names, ethnicity, addresses, sentence length, release dates and coded details of the offences carried out by all of the prison’s 1,182 inmates.
The ICO investigation found a ‘clear lack of management oversight’ at the prison. It also found problems with how prisoner records were handled, with unencrypted floppy disks regularly used to transfer large volumes of data between the prison’s two separate networks.
David Smith, deputy commissioner at the ICO, said the disclosure risked the welfare of the prisoners at risk and that of their families.
He said: ‘Fortunately it appears that the fallout from this breach was contained, but we cannot ignore the fact that this breach was caused by a clear lack of management oversight of a relatively new member of staff. Furthermore, the prison service failed to have procedures in place to spot the original mistakes.’
The unauthorised disclosures were reported to the ICO on 8 September 2011.
The penalty was imposed on the MoJ’s National Offender Management Service, the agency responsible for commissioning and delivering prison and probation services across England and Wales.