Government terminates PA Consulting contract

Contractor blames rogue employee

The Home Office has indicated that the loss will have much wider implications for PA Consulting than losing the JTrack contract

The Home Office has terminated its contract with PA Consulting after the firm lost a memory stick containing data on 84,000 criminals.

PA Consulting, which is also working with the government to implement the National ID Card scheme, has argued that the security breach should be blamed on the individual that downloaded the data, and not its internal processes.

The consultancy has fired the individual whom it deemed responsible for the loss.

"The loss of data on this project was caused by human failure. A single employee was in breach of PA's well established information security processes, " a PA Consulting spokeswoman said in a statement.

"The senior manager responsible for this work has been dismissed from PA for failure to follow our well set out processes."

• The top 10 public sector data losses - so far

The spokeswoman claimed that the company had since examined all its government and private sector contracts that handle sensitive data, and found them to be "fully compliant with robust policies and procedures".

But the Home Office has yet to evaluate the consultancy's reassurance concerning its data security practices, and has indicated that the loss will have much wider implications for PA Consulting than losing the JTrack contract.

Home secretary Jacqui Smith said that the Home Office will now review all its contracts with PA Consulting, as well as those with the private sector involving sensitive data.

"Lessons learned from this incident more generally will be applied to working with suppliers on contracts involving sensitive data," said Smith.

PA Consulting had been contracted by the Home Office last year to track prolific offenders through the criminal justice system.

The JTrack programme is aimed at providing law enforcement agencies with tools to compare offenders' data.

Government officials are now working with PA to take the programme back in house. The Home Office expects all the system maintenance and the user training programmes to be back under its control by December.

Smith has sent a full report to the Information Commissioner on the loss, arguing that PA Consulting breached its contract.

The Home Secretary claimed that the data loss represents a "low risk" to the prisoners concerned because their data is already in the public domain.

"All of the individuals have Police National Computer IDs which means that they have been convicted of an offence in open court," she said.

The government has stated that it will not be telling prisoners whether their data has been lost.

"We have carefully considered the benefits of contacting those affected individually and concluded that the risks of doing so outweigh the benefits. There is more potential to exacerbate the situation than mitigate it," said Smith.