GDPR Violated 100 Times by British Home Office

A news report published in the United Kingdom by the Independent Chief Inspectorate of Borders and Immigration (ICIBI) has indicated that the British Home Office breached the European Union’s General Data Protection Regulation (GDPR)  100 times.

The report found that from March 30-August 31 during 2019, the UK Home Office committed a range of errors including misplaced passports, documents sent to the incorrect recipient’s address and unauthorized disclosure o a number of different occasions.

This is a cause for concern as it clearly shows that a progressive increase took place every month in the amount of  number of breaches committed by the Home Office department. It is a concern due to the effect it will have on the work completed by the UK Government department.

The report said: “The information provided to inspectors regarding data breaches was concerning, not least the increase in breaches each month between April and July 2019 (with a slight dip in August 2019), albeit most of those to the end of June was due to a postal company rather than EUSS staff or processes. Data breaches damage public confidence, and applicants will blame the Home Office, whether or not this is fair. It is therefore important for the Home Office to do everything it can to keep breaches to a minimum.”

There was additional detail on violations that occurred in relation to the EU Settlement Scheme (EUSS). The EUSS scheme was created for EU, EEA, and Swiss citizens to apply for residency rights and settled status so they could go on residing in the United Kingdom after 30 June 2021. However, there is no obligation for those with indefinite leave to remain to apply for the scheme. The first breach was noted on April 7, involved a staff member who shared emails to 240 recipients without using the BCC fields, leading to every address included being shared without authorization. Along with this, at the EUSS important ID documents were lost inside the EUSS office on a number of different occasions and sent to the wrong address on a number of times, according to the report.

A GDPR breach occurred just after a similar privacy error when the Home Office exposed the details of 500 applicants included in the Windrush compensation scheme. This is a scheme that was created in order to address the mistreatment of Commonwealth citizens by the Conservative British Government.

Reacting to the report, the Home Office released a statement to say that it is attempting to enhance its data protection processes, with some success.  The statement confirmed: “We are also in discussion with the heads of security, integrity and data protection to ensure our processes are aligned to GDPR compliance,”

The ICIBI also said that that the issues it found should be easy enough to fix commenting: “Bulk email processes have changed so there will be no errors going forward. Most appear to have involved document handling errors and these should be easiest to prevent with clear instructions and good organization.”