The penalty is for the loss of an encrypted hard drive, containing personal information on 2,935 prisoners, at HMP Erlestoke prison in Wiltshire in 2013.
The Ministry of Justice pointed out that the ICO reduced its planned fine, in recognition of improvements made by the MoJ since the incident. An MoJ spokesperson said: “We take data protection issues very seriously and have made significant and robust improvements to our data security measures. These hard drives have now been replaced with a secure centralised system.
“Incidents like this are extremely rare,” stressed the spokesperson, “and there is no evidence to suggest that any personal data got into the public domain.”
This, however, is not the first time the MoJ has been punished for failing to secure personal data on prisoners. In 2011 another hard drive containing information on 16,000 prisoners was lost. Following this incident, new, safer hard drives were sent out to all 75 prisons in England and Wales; but in the case of the HMP Erlestoke data loss, officials had not switched the encryption system on.
Graeme Stewart, Director of Public Sector Strategy and Relations, McAfee, said: “The security industry has been saying for years that there needs to be better understanding of security from non-security professionals. But it clearly isn’t sinking in. The time has come to accept that getting everyone in a huge organisation to behave in a secure manner is impossible, and we need to start building systems that are secure by default.”