Experts' Reaction On UK Home Office Breaching GDPR 100 Times Through Botched Management Of EU Settlement Scheme

It has been reported that the UK Home Office has breached European data protection regulations at least 100 times in its handling of the EU Settlement Scheme (EUSS). IDs have been lost, documents misplaced, passports have gone missing, and applicant information has been disclosed to third parties without permission in some of the cases, according to a new report.

Experts' Comments

March 03, 2020
Darren Wray
CTO & Co-founder
Guardum
Whenever you are dealing with personal information, it is vital to follow the Educate and Automate mantra. Education ensures that all staff need, understand and have the right level of awareness of the data protection processes, controls and regulation. Mature controls are automated controls. If you leave staff to send emails as part of a process, data will leak and will breach. The Home Office may blame human error, but the fact is humans can only make mistakes if the processes are not automated.
March 03, 2020
Tim Mackey
Principal Security Strategist, Synopsys CyRC (Cybersecurity Research Center)
Synopsys
The ICIBI review of EUSS practices highlighted 100 instances of applicant data potentially being mishandled – a situation concerning in light of GDPR. Of these 100 instances, 63 were traceable to documents being misplaced by the postal services. In looking at the remaining instances, we see the impact of improving processes where by August 2019 EUSS employees were able to identify that six incidents were from documents being returned to applicants at addresses containing typographical errors written by the applicants. As with any government scheme, particularly one which directly engages with people for whom English isn't a primary language or who are members of vulnerable groups, the utmost care is required in handling their personal information. While no system is ever perfect, ongoing reviews and process improvements are key to ensuring that security gaps are addressed quickly while maintaining public trust.