We all know how the amount of data that organisations store electronically is growing at a rapid pace. We also all know how important it is to keep data securely. As such, it is easy to criticise the government department in this report for what seem to have been some fairly basic errors leading to a significant breach. But no organisation can afford to be complacent. The fact is that while the Ministry of Justice (or Target, or Sony, or whoever else before them) receive all of the publicity for their errors, the mistakes they have made are undoubtedly being repeated up and down the country, on a far too regular basis.
Equally importantly, what this story illustrates is that there is a fundamental disconnection between the assumptions made by the providers of hardware and security solutions on the one hand, and their consumers on the other. Of course, in an organisation the size of the Ministry of Justice, you would expect the person responsible for procuring the hardware in this case to have familiarised themselves with its capabilities, but even products intended for domestic markets are all too frequently supplied without sufficiently clear and detailed guidance on how to make them secure. For as long as that continues, losses of data are going to be a regular feature of the news, and of our personal technology experience.
ICO head of enforcement, Stephen Eckersley, said: "The fact that a government department with security oversight for prisons can supply equipment to 75 prisons throughout England and Wales without properly understanding, let alone telling them, how to use it beggars belief. "The result was that highly sensitive information about prisoners and vulnerable members of the public, including victims, was insecurely handled for over a year. This failure to provide clear oversight was only addressed when a further serious breach occurred and the devices were finally setup correctly."