PA Consulting data loss sacking 'is a lesson to all suppliers'
- Reduce text size Decrease text size
- Increase text size Increase text size
- Print article Print
- Jump to comments Comment
- Share this article Share
- Email article to a friend Email
The Home Office has severed a contract with PA Consulting after an employee lost a USB stick containing sensitive data
The Home Office has terminated a £1.5 million contract with management consultancy firm PA Consulting following its loss of a USB stick containing data on 84,000 prisoners.
The three-year contract will be taken in-house, while the Home Office reviews its other contracts with PA Consulting and seeks to recover its costs from the firm.
According to a report by the Information Commissioner’s office, the data was sent to PA Consulting on encrypted CDs but was transferred to an unencrypted memory stick by an employee in breach of the company’s own security policies. The USB was lost and presumed stolen, the report said.
The sudden termination of the PA contract after the mistake of a single employee is likely to set a precedent for other suppliers of IT services. Tola Sargeant, from analyst firm Ovum, said the Home Office’s prompt action “is a lesson to all suppliers working with sensitive government data and could have implications for other database contracts,” and described the move as “long overdue”.
“[This is] a huge blow in a sector where track record and reputation are vitally important,” Sargeant said. “The firm has had its reputation tarnished by the actions of a single employee who breached the company’s established information security processes. Even if other contracts are not directly affected, PA is likely to find it more difficult to convince central government departments to do business with it in the near term.”
Sargeant added that other suppliers who have lost sensitive information, such as EDS which lost the details of prison officers while working for the Ministry of Justice, “will no doubt be feeling particularly nervous” after the termination of the PA contract.
The UK government has taken a bruising in the headlines this year after repeatedly losing sensitive data, in particular the loss of 25 million personal details by the HM Revenue & Customs which qualifies as one of the largest such incidents in history. Critics of the government’s controversial National Identity Scheme have highlighted such incidents as a major reason against the proposal, saying it "puts all the eggs in one basket".
Further reading:
Over 60 government data breaches since HMRC fiasco
No lessons were learned from last year's high-profile data loss
Lord Erroll: HMRC breach "a godsend"
The HMRC breach should act as a "wake-up call" for government departments
Find more stories in the Security & Continuity Briefing room
