Report reveals massive spike in Home Office data breach reporting following GDPR

Written by Beckie Smith on 14 June 2019 in News
News

New legislation saw the department recording and reporting many more incidents

The Home Office’s annual report has revealed a spike in the department’s reporting and recording of data breaches in light of GDPR coming into effect. 

A total of 35 data breaches were reported to the Information Commissioner’s Office in the year to 31 March 2019, up from two the previous year.

A further 1,895 data breaches were recorded by the department’s data controller during 2018/19 but not deemed major enough to warrant reporting to ICO. Sixty-four such breaches were recorded the previous year.

The report attributes the sharp increase in reporting to “greater awareness and vigilance amongst staff” since the introduction of GDPR in May 2018. Guidance published post-GDPR and a revised reporting process “has raised awareness across the Home Office regarding the need to escalate such incidents”, it says.


Related content


However, the report does reveal concern about the Home Office’s compliance with data-protection regulations. A section on risks to the department’s work stresses that “it is essential that we manage those assets properly and do not lose the public's trust and confidence, in particular by being non-compliant with data protection legislation”.

It addresses, in particular, a three-day period in early April in which three separate data breaches occurred. On 7 April, when sending an email to 240 EU settlement scheme applicants, an official failed to use the BCC function to hide recipients’ email addresses from each other. The following day, a similar error happened in five batches of emails to people who had contacted the Home Office about its Windrush compensation scheme.

In a third incident on 9 April, which has been less well publicised, an administrative error by a contractor meant the email addresses belonging to 168 users of the General Aviation Report system – a Border Force system used by pilots and flight handlers to register who and what is being carried on non-scheduled flights – were shared.

The department said it had introduced an unspecified “technical solution” on 5 March to minimise the risk of similar breaches happening in future.

Recent research by PublicTechnology revealed that, in 2017/18, the Home Office recorded the third-highest number of data breaches of any Whitehall department – behind only the Ministry of Defence and the Ministry of Justice, which recorded almost 30 times as many as any other department.

 

About the author

Beckie Smith is a reporter for PublicTechnology sister publication Civil Service World. She tweets as @Beckie__Smith.

Categories

Share this page

Tags

Categories

CONTRIBUTIONS FROM READERS

Please login to post a comment or register for a free account.

Related Articles

Will the UK government use phone tracking to fight pandemic?
24 March 2020

Various other countries are using voluntary or mandatory tracking to follow spread of pandemic, as PM says tech will ‘help us see the disease as it is transmitted’

Why have governments struggled to get it right on digital identity?
25 February 2020

With many government-developed services seeing poor uptake, the answer may lie in allowing citizens to ‘bring your own identity’, according to Arthur Mickoleit of Gartner

Why government is ‘failing’ on AI openness
17 February 2020

The body dedicated to upholding ethical standards across the public sector has published a major report examining how to ensure those standards are not threatened by AI and automation

Scotland launches website to coordinate volunteering
31 March 2020

Online platform will bring together information and point people towards where and how they can provide support