14 DAY TRIAL // British prisoners are not the only ones affected by personal information loss. The News of the World tabloid claims that prison workers are in the same situation of having their personal data in the open, technically at anyone's disposal, once a portable hard-drive disk got lost. Names, birthday dates, insurance and employee numbers, and the home addresses presumably as well, were all on the device.
What is more surprising is that it took the company that was responsible with storing data for the British Ministry of Justice over one year to realize what had happened. After learning this, Shadow Justice Secretary Nick Herbert angrily stated for the source, “The records of prisoners have been lost already and now we discover that personal data about prison officers has gone too. When was this incompetent Government planning to own up to another data disaster, this time one which has put the security of thousands of its own employees at risk?”
Indeed, the fact that personal information of the prison staff is at large means that prisoners have the opportunity to find out about their guards more than these would want to be known. Addresses, which are believed to also have been on the list, can be particularly employed in criminal actions. By threatening the families of the staff, as the British newspaper claims, prisoners can turn employees into accomplices to drug traffic, to name just one possibility.
Security experts are dumbfounded that the information contained by the 500GB hard-drive disk was not even encrypted. “Using encryption would have meant that even if the data had been lost it would have been inaccessible and useless to any potential data thief who might get his paws on it.” said Graham Cluley, senior technology consultant at security company Sophos. Also, when such incidents happen, they should be immediately reported, so that qualified people can take the appropriate measures. “If you think classified information has been lost inside your company, ensure that senior management - and possible affected parties - are aware so they can take the appropriate actions.”