Home Office Revises Bulk Email Practice Following Data Breach
The Home Office has admitted a second data breach this month that has revealed the email addresses of EU nationals applying for settled status.
The Home Office has revised its rules for mass communicating with EU citizens applying for settled status, following the exposure of hundreds of email addresses.
Last week, the Home Office revealed that 240 personal email addresses had been exposed during correspondence which asked EU nationals to resend information.
This marks the second damaging data leak in the space of a month for the Home Office, which also leaked personal information belonging to applicants of the Windrush compensation scheme.
The data breach, which occurred just one week after the compensation scheme was launched, exposed around 500 email addresses.
Immigration Minister, Caroline Nokes, said that the government department had since apologised to users affected by the breach and that it had notified the Information Commissioner’s Office (ICO).
Additional steps to prevent future data protection issues have also been taken, Nokes added, while explaining that the Home Office normally responds to enquiries in large batches; though she insisted that email recipients would not be able to see other users’ details.
“As a department, we have been taking steps to ensure we have the culture, processes and systems in place to treat the public’s personal data appropriately,” Nokes said. “As a further immediate step, we have put in place strict controls on the use of bulk emails when communicating with members of the public to ensure this does not happen again as lessons are learned.”
Nokes added that an independent review of the Home Office’s data protection practices has also been launched, the findings of which will be reported.
“An independent review of the department’s compliance with its data protection obligations has also been commissioned, which will be led by non-executive director Sue Langley and will report in due course,” she said.