The Home Office has apologized after an “administrative error” led to the personal details of hundreds of historic migrants to the UK being exposed.
Around 500 private email addresses were accidentally shared with other applicants of a government compensation scheme for the so-called “Windrush” generation.
Although around half a million migrants came to the UK between 1948 and 1971, many children did not have travel documents as they were travelling on parents’ passports.
That became a problem when then home secretary Theresa May brought in a “hostile environment” immigration policy, which led to some of these individuals being deported or held in detention centers, despite having lived in the UK for decades.
The government has now admitted it broke data protection laws after sending out an email to those enrolled in the compensation scheme — individuals and organizations — containing the emails of those who had registered an interest.
“Regrettably, in promoting the scheme via email to interested parties, an administrative error was made which has meant data protection requirements have not been met, for which the Home Office apologizes unreservedly,” said Home Office minister, Caroline Nokes, in a written statement.
No other personal data was included, meaning it’s unlikely the ICO will fine the government under the rules of the GDPR, although the department’s data protection officer is said to have been informed.
"Misdirected emails are consistently one of the main forms of data security incident reported to the ICO,” claimed Tessian CEO, Tim Sadler.
“This incident highlights the importance of cybersecurity and data protection policies that focus on protecting people in order to prevent breaches caused by human error — if not only to protect the sensitive data organizations hold but also to prevent the headlines that cause reputational damage."
Egress Software CEO, Tony Pepper, added that the accidental insider threat is often underestimated.
“With intelligently applied machine learning and big data analysis combined with a people-centric approach to technology and awareness programs, it is possible to mitigate against such human errors and enhance organizations’ cybersecurity,” he argued.