More than 6,000 prisoners and ex-inmates from Her Majesty’s Prison Preston, Lancashire, have had their personal medical details exposed by the loss of a memory stick, according to media reports.
The memory stick carried data relating to 6,360 prisoners who have been treated by local health workers since 2000.
In scenes worthy of a Whitehall farce it was revealed that although the data on the lost USB flash drive was encrypted, the password to unlock the encryption was written on an attached note.
Data held on the memory stick included data on the prisoners’ ailments, such as diabetes, asthma, mental health and sexual health. Furthermore, the flash drive contained documents, including details such as prisoner surnames, their age range, cell location, prison number and clinic appointment times.
When people are sent to prison we expect them to be put under lock-and-key, with no chance of accidental release. It’s a shame we can’t seem to expect the same level of security when it comes to their personal information.
In this case the security of the device appears to have been utterly ham-fisted – with the benefit of encryption completely undone by the lax attitude to keeping the password secret.
* Image source: Nedko’s Flickr photostream (Creative Commons 2.0)