UK DATA PROTECTION WATCHDOG the Information Commissioner's Office (ICO) has hit the Ministry of Justice (MoJ) with a £140,000 fine.
The ICO levied the fine because of a serious data breach at the MoJ that saw the details of prisoners serving time at Cardiff Prison sent to the homes of three of the inmates' families.
According to the ICO the misfired mailing only came to light when one of the recipients of the mail told the prison about it. They said that they had been sent a comprehensive spreadsheet that included names, addresses, sentence lengths, release dates, and some information about offences, on all of the prison's 1,182 inmates.
An internal investigation was started, and when two more incidents were uncovered the incidents were reported to the ICO.
The ICO did not have much good to say about systems at the prison, and found a "clear lack of management oversight".
"The potential damage and distress that could have been caused by this serious data breach is obvious. Disclosing this information not only had the potential to put the prisoners at risk, but also risked the welfare of their families through the release of their home addresses," said ICO deputy commissioner and director of Data Protection David Smith.
"Fortunately it appears that the fall-out from this breach was contained, but we cannot ignore the fact that this breach was caused by a clear lack of management oversight of a relatively new member of staff. Furthermore the prison service failed to have procedures in place to spot the original mistakes. It is only due to the honesty of a member of the public that the disclosures were uncovered as early as they were and that it was still possible to contain the breach." µ
Sign up for INQbot – a weekly roundup of the best from the INQ