Personal data breaches at the Home Office rose 122% last year to over 4,000.
There were 4,204 “personal data related incidents” in 2019/20 compared to 1,895 in 2018/19, according to the department’s annual report and accounts. They included “loss of inadequately protected electronic equipment, devices or paper documents” and “unauthorised disclosure” of personal data.
Officials deemed only 25 data loss incidents significant enough to report to the Information Commissioner’s Office, down from 35 the year before.
The figures have been widely reported in the IT press this week, with outlets crediting Parliament Street, a think tank, for plucking them out of the annual report.
It is not known — and the Home Office will not say — how many of these incidents related to the department’s immigration functions. But the immigration inspector, David Bolt, gave examples of data breaches affecting the EU Settlement Scheme in a report earlier this year. Some are quite serious.
Poor data security is a particular concern given the government’s plans for a centralised database of migrants’ legal status, known internally as the Status Checking Project.
The Home Office has issued revised guidance to staff to stop documents going astray. A spokesperson told Free Movement, “We take customer data protection and the security of documents extremely seriously and there are a number of robust processes in place to prevent losses within our control. This includes referring data incidents, which meet the appropriate threshold for reporting, to the Information Commissioner’s Office”.
This article has been updated. The percentage rise from 1,895 to 4,204 is 122%, not 55% as originally stated.