Report reveals massive spike in Home Office data breach reporting following GDPR

Written by Beckie Smith on 14 June 2019 in News

New legislation saw the department recording and reporting many more incidents

The Home Office’s annual report has revealed a spike in the department’s reporting and recording of data breaches in light of GDPR coming into effect. 

A total of 35 data breaches were reported to the Information Commissioner’s Office in the year to 31 March 2019, up from two the previous year.

A further 1,895 data breaches were recorded by the department’s data controller during 2018/19 but not deemed major enough to warrant reporting to the ICO. Sixty-four such breaches were recorded the previous year.

The report attributes the sharp increase in reporting to “greater awareness and vigilance amongst staff” since the introduction of GDPR in May 2018. Guidance published post-GDPR and a revised reporting process “has raised awareness across the Home Office regarding the need to escalate such incidents”, it says.


However, the report does reveal concern about the Home Office’s compliance with data-protection regulations. A section on risks to the department’s work stresses that “it is essential that we manage those assets properly and do not lose the public's trust and confidence, in particular by being non-compliant with data protection legislation”.

It addresses, in particular, a three-day period in early April in which three separate data breaches occurred. On 7 April, when sending an email to 240 EU settlement scheme applicants, an official failed to use the BCC function to hide recipients’ email addresses from each other. The following day, a similar error happened in five batches of emails to people who had contacted the Home Office about its Windrush compensation scheme.

In a third incident on 9 April, which has been less well publicised, an administrative error by a contractor meant the email addresses belonging to 168 users of the General Aviation Report system – a Border Force system used by pilots and flight handlers to register who and what is being carried on non-scheduled flights – were shared.

The department said it had introduced an unspecified “technical solution” on 5 March to minimise the risk of similar breaches happening in future.

Recent research by PublicTechnology revealed that, in 2017/18, the Home Office recorded the third-highest number of data breaches of any Whitehall department – behind only the Ministry of Defence and the Ministry of Justice, which recorded almost 30 times as many as any other department.

 

About the author

Beckie Smith is a reporter for PublicTechnology sister publication Civil Service World. She tweets as @Beckie__Smith.
