The Information Commissioner’s Office (ICO) has fined the Ministry of Justice (MOJ) £180,000 for repeated serious failings in the secure handling of personal data by the prison service. In October 2011, an unencrypted hard drive containing sensitive prisoner data was lost. The MOJ issued new encryption capable hard drives, but the prison service was unaware that the encryption option needed to be turned on for it to work. Subsequently, a second hard drive was lost, which should have been encrypted but was not. As a result, the ICO found that the prison service was handling highly sensitive data insecurely and imposed the fine.