It has been reported that the UK Home Office has breached European data protection regulations at least 100 times in its handling of the EU Settlement Scheme (EUSS). IDs have been lost, documents misplaced, passports have gone missing, and applicant information has been disclosed to third parties without permission in some of the cases, according to a new report.
Whenever you are dealing with personal information, it is vital to follow the Educate and Automate mantra.
Education ensures that all staff need, understand and have the right level of awareness of the data protection processes, controls and regulation.
Mature controls are automated controls. If you leave staff to send emails as part of a process, data will leak and will breach. The Home Office may blame human error, but the fact is humans can only make mistakes if the processes are not automated.
The ICIBI review of EUSS practices highlighted 100 instances of applicant data potentially being mishandled – a situation concerning in light of GDPR. Of these 100 instances, 63 were traceable to documents being misplaced by the postal services. In looking at the remaining instances, we see the impact of improving processes where by August 2019 EUSS employees were able to identify that six incidents were from documents being returned to applicants at addresses containing typographical errors written by the applicants.
As with any government scheme, particularly one which directly engages with people for whom English isn\’t a primary language or who are members of vulnerable groups, the utmost care is required in handling their personal information. While no system is ever perfect, ongoing reviews and process improvements are key to ensuring that security gaps are addressed quickly while maintaining public trust.