"The Ministry of Justice is applying the government's Security Policy Framework to control risks across the organisation," the MoJ said in the report.

"This comprises the requirement for all areas to robustly apply procedures for reporting security incidents where there is the possibility of inadvertent release of personal data, however minor."

It added that it "will continue to monitor and assess its information risks in order to identify and address any weaknesses" of systems. A "dedicated Information Assurance Programme" is scheduled for next year, to improve awareness and practice of data security and compliance.