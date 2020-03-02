Infosecurity Group Websites

Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more
Latest
News

Home Office Admits 100 GDPR Breaches in EU Scheme

The Home Office breached the GDPR 100 times in its handling of EU citizens’ data in the space of just five months, an inspector’s report has revealed.

Between March 30 and August 31 2019 the government department admitted a catalog of errors including misplaced passports, documents sent to the wrong recipient’s address and unauthorized disclosure, according to the Independent Chief Inspectorate of Borders and Immigration (ICIBI)

The report is the second to focus on the controversial EU Settlement Scheme (EUSS), which EU citizens must apply to if they want to remain in the UK post-Brexit. The EUSS launched at the end of March.

“The information provided to inspectors regarding data breaches was concerning, not least the increase in breaches each month between April and July 2019 (with a slight dip in August 2019), albeit most of those to the end of June were due to a postal company rather than EUSS staff or processes,” it concluded.

“Data breaches damage public confidence, and applicants will blame the Home Office, whether or not this is fair. It is therefore important for the Home Office to do everything it can to keep breaches to a minimum.”

Aside from the 23 documents misplaced by a postal company in July, the worst incident came in April, when 240 email addresses were exposed after a Home Office employee forgot to put them in the BCC field when sending a bulk email.

That incident happened just days after a similar privacy snafu in which the Home Office exposed the details of 500 applicants to the Windrush compensation scheme — itself set up after the mistreatment of Commonwealth citizens by the Conservative government.

At the EUSS, important ID documents were misplaced inside the EUSS office on multiple occasions and sometimes returned to the wrong address, according to the report.

The Home Office claimed it is getting better at data protection.

“We are also in discussion with the heads of security, integrity and data protection to ensure our processes are aligned to GDPR compliance,” it replied to the ICIBI. “Bulk email processes have changed so there will be no errors going forward.”

The ICIBI also suggested that the problems it uncovered should be easy enough to fix.

“Most appear to have involved document handling errors and these should be easiest to prevent with clear instructions and good organization,” it said.

Related to This Story

What’s Hot on Infosecurity Magazine?

1
News

Sports Giant Decathlon Leaks 123 Million Records

2
News

Indian Arrested Over Sale of Illegal Drugs Disguised as Sex Aids on Dark Web

3
Interview

#RSAC Video Interview: Kathleen Smith, CMO, CyberSecJobs

4
News

US Jails Chinese Scientist for Stealing $1bn of Trade Secrets

5
News

Let’s Encrypt Hits One Billion Certificate Milestone

6
News

Michigan Healthcare Group Hack Went Undetected for Six Months

1
Opinion

#HowTo Be Sure You Choose a Safe and Secure Hosting Provider

2
Magazine Feature

Password Meters: Up to the Job?

3
News

HMRC Scam Calls Surge 234% in a Year

4
News

UK Lawmakers Warned of “Persistent” Hacking Threat

5
News

Home Office Admits 100 GDPR Breaches in EU Scheme

6
Opinion

A Siri for Network Security: How Chatbots can Enhance Business Agility

1
Webinar

AI in Security: Keeping Up with the Trend

2
Webinar

Make Your Own Security Superstars: Scale and Upskill Your Security Team

3
Webinar

Automation in Data File Transfer: Improving Security and Saving You Time

4
Webinar

Leveraging ISO 27001 to Manage Cyber & Information Security Risks

5
Webinar

Making a SOAR Strategy Work For You

6
Webinar

Out Think Mobile Malware - Learn How to Protect Your Mobile Devices

1
Interview

Interview: Gavin Henderson, Vice-President, Regional Security, Mastercard

2
Blog

PCI Compliance: Not a Password Security Guarantee

3
Opinion

Is Anyone Paying Attention to Healthcare Security?

4
Opinion

#HowTo Do DevOps Effectively

5
Opinion

Why Leaky Clouds Lead to Data Breaches

6
Slackspace

Man Charged After Sharing Cryptocurrency Knowhow