Inmates accidentally given details of local school children

Inmates at Portland Prison were accidentally given sensitive documents containing names and addresses of local school children. Read on to find out more about responsibilities of data controllers.

Prisoners taking part in a “back to work” scheme at HMP Portland, in Dorset, were given files from various offices and schools to destroy and were then tasked with making briquettes out of the shredded paper for the prison furnace.

It was reported in the Daily Telegraph:

…that as soon as the mistake was discovered, the scheme was stopped and an urgent investigation was launched into how the sensitive paperwork ended up in a jail that includes a “small, but significant, number of sex offenders.”

The Data Protection Act clearly states that data controllers can not escape liablity for any errors made by their subcontractors (data processors). It is vital to data controllers make proper checks on any firms who dispose of their confidential waste.

The Daily Telegraph reported that the Prison Service was taking the matter “very seriously” and bosses at the school have notified the Department for Education, Ofsted and the Information Commissioner, who has senior teachers at Portland Aldridge Community Academy notified parents last week that paperwork containing pupils’ information had “not been destroyed in the manner it would have expected.”

The Daily Telegraph’s Article quoted a parent saying:

“All sorts of prisoners are in there, and they had children’s name and addresses – it’s a real security concern.

“We were contacted by the school last week and the governors have assured us (about the safety of the children on the list), but this should never have happened in the first place.

“Schools should not be sending any kind of paperwork to a prison, it’s as simple as that.”

Also read:

Blog: Charity cold calling Investigation: You can’t subcontract liability

FAQ: FAQ: Are your staff security vetted?