Prison Service is rapped after filing cabinet containing Maze inmate's details is sold at auction
The Prison Service has been heavily criticised after it accidentally auctioned off the Maze Prison records of a high-profile inmate.
It happened when a filing cabinet which officials thought was empty was sold at auction.
It later emerged the cabinet contained files about the closure of the infamous Troubles prison, including details of staff and an inmate.
The prisoner's identity is not disclosed, but he is described as high-profile.
The incident occurred in 2004, when prisons fell under the remit of the Northern Ireland Office. However, it only came to light two years ago.
Although the NIO retrieved the information, it failed to report the matter to the Information Commissioner's Office (ICO).
The ICO only became aware of the breach when a similar incident occurred in 2012.
The ICO was unable to issue a penalty for the 2004 breach as the incident occurred before it had the power to issue financial penalties.
Ken Macdonald, the ICO assistant commissioner for Northern Ireland, said it was an embarrassing error which could have had serious repercussions.
"This is a story of basic errors and poor procedures, which if the incident happened today would see us issuing a substantial fine," he said.
"The loss of this information represents not only an embarrassing episode for the Prison Service in Northern Ireland, but a serious breach of the Data Protection Act that could have had damaging repercussions for the individuals affected.
"The incident went unreported for eight years and the same mistakes were allowed to occur.
"It is only now that we have seen a commitment from the Department of Justice Northern Ireland to tackle these problems and keep people's information secure."
Under yesterday's agreement the Department of Justice must keep a record to ensure condemned equipment containing personal data has been emptied or erased before removal.
It will also introduce annual refresher and induction trainingby September for all staff whose role involves the routine processing of personal data.
The 2012 case that brought the latest one to light also involved the loss of sensitive information – personal information about victims of a terrorist attack – left in an old cabinet sold at auction.
It resulted in the Department of Justice receiving a penalty of £185,000. It occurred when the Compensation Agency, which falls under the control of the Department of Justice, moved offices in February 2012.
Staff did not realise the locked cabinet contained sensitive information, and it was earmarked for auction. It was sold, without a key, to a member of the public in May 2012.
When the buyer forced the lock he found papers dating from the 1970s through to 2005.
The buyer contacted the PSNI, which returned the papers.
Anyone who holds personal information must comply with these principles of the Data Protection Act, which make sure that personal information is:
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Accurate, up-to-date and secure
- Not kept for longer than is necessary
- Processed in line with your rights
- Not transferred to other countries without protection