"ICO Reprimands MoJ for Inadequate Document Security at Prison Facility"

The Information Commissioner's Office (ICO) has reprimanded the Ministry of Justice (MoJ) and the prison after a security breach exposed confidential medical and security vetting documents for 18 days. The breach was caused when a contracted shredder waste removal company failed to collect the confidential documents, allowing at least 44 people access to the documents. In response to the incident, the ICO has instructed the MoJ and the prison to create improved policies and processes to ensure safety of personal information in all prison environments. Actions required or recommended by the ICO include the creation of procedural guidelines for dispose of confidential documents, mandatory staff training on data protection responsibilities, and regular reviews of data management and disposal practices. The Mon must also provide the ICO with a progress report by the end of October 2023.