The confidential information was visible on the Home Office website for two weeks
The Home Office has accidentally published personal details of 1,598 people who were in the process of being deported from the UK.
The information remained on the website between 15 and 28 October, until the mistake was noticed by Home Office officials, who then took it down and notified the Information Commissioner’s Office.
“We will be seeking assurances from the Home Office that they are looking carefully at their reporting systems. They must ensure that this does not happen again,” said MP Keith Vaz, chairman of the Home Affairs Select Committee.
The information published on the Home Office website included names, dates of birth and immigration status, but not home addresses or financial information. It was mistakenly included in a spreadsheet, alongside the regular dataset.
It is believed that less than 30 people accessed the data while it was available, and the Home Office itself classified the risk to the deportees and their families as “low”. That didn’t stop Labour MP Vaz from exchanging some harsh words with Immigration minister Mark Harper.
“This breach yet again raises serious questions about the departments’ ability to function adequately,” said Vaz. “The Home Affairs Committee recently scolded the Home Office for taking months to reply to our correspondence, yet it seems in just seconds they were able to release this private data.”
In his response, Harper said Home Office was undertaking an internal investigation to find those responsible. “Measures have been put in place to prevent a recurrence of the error and verify that no similar error has previously taken place,” he added.
Home Office will also notify the affected individuals “where it is possible and appropriate to do so.”
“This incident comes only weeks after the Ministry of Justice was fined £140,000 by the ICO for releasing details of prisoners via email,” commented Martin Sugden, CEO of information management company Boldon James. “Although this particular incident involves the details being published online, the lesson is the same; if the data had been appropriately classified then the user(s) would have been aware it was sensitive and would not have uploaded it in error.
“In this day and age it is becoming increasingly important for all businesses, not just the public sector, to understand how to better protect their data. There are numerous technologies such as DLP and Data Classification solutions which, if combined as part of a layered security approach, could have stopped this incident from occurring in the first place.”
What do you know about public sector IT? Take our quiz!