100 data breaches made during UK's handling of the EU Settlement Scheme

Home Office in breach of GDPR with reports of misplaced ID documents

More than 20 data breaches a month were made during the Home Office's administration of the EU Settlement Scheme (EUSS), a report has found. 

Over the course of five months from April 2019 to August of the same year, the Independent Chief Inspector of Borders and immigration (ICIBI) said that the scheme had seen 100 breaches of data.

Related Resource

Digital Risk Report 2020

A global view into the impact of digital transformation on risk and security management

Download now

This involved passport and identification documents going missing in office and during postage where a number had been delivered to the wrong address. 

This is the second time the ICIBI has conducted an investigation into the Home Office's administration of settled status applications and also the second time the governing body has been found to have breached data protection laws with regard to immigration. 

"The information provided to inspectors regarding data breaches was concerning," chief inspector David Bolt wrote in his report. "Not least the increase in breaches each month between April and July 2019 (with a slight dip in August 2019), albeit most of those to the end of June were due to a postal company rather than EUSS staff or processes. 

"Data breaches damage public confidence, and applicants will blame the Home Office, whether or not this is fair. It is therefore important for the Home Office to do everything it can to keep breaches to a minimum. Most appear to have involved document handling errors and these should be easiest to prevent with clear instructions and good organisation." 

In June and July, there were a reported 38 occurrences of documents being misplaced by a postal company. However, there were 10 incidents of ID documents being misplaced within the EUSS office and further reports that documents had been sent to the wrong address and information shared with an unauthorised third party. 

"We take data protection very seriously and have apologised personally to those affected. We have already taken steps to stop them happening again," a Home Office spokesperson told IT Pro

In April 2019, the Home Office had to apologise for exposing the email addresses of those involved in the Windrush compensation scheme - which was also a breach of GDPR

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Most Popular

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

5 Oct 2020
iPhone 12 lineup official with A14 Bionic chip and 5G support
Mobile Phones

iPhone 12 lineup official with A14 Bionic chip and 5G support

13 Oct 2020
Google blocked record-breaking 2.5Tbps DDoS attack in 2017
Security

Google blocked record-breaking 2.5Tbps DDoS attack in 2017

19 Oct 2020