Experts Reaction On UK Home Office Breached GDPR 100 Times Through Botched Management Of EU Settlement Scheme

By   ISBuzz Team
Writer , Information Security Buzz | Mar 03, 2020 03:18 am PST

It has been reported that the UK Home Office has breached European data protection regulations at least 100 times in its handling of the EU Settlement Scheme (EUSS). IDs have been lost, documents misplaced, passports have gone missing, and applicant information has been disclosed to third parties without permission in some of the cases, according to a new report.

Notify of
2 Expert Comments
Oldest Most Voted
Inline Feedbacks
View all comments
Darren Wray
Darren Wray , CTO & Co-founder
March 3, 2020 11:27 am

Whenever you are dealing with personal information, it is vital to follow the Educate and Automate mantra.

Education ensures that all staff need, understand and have the right level of awareness of the data protection processes, controls and regulation.

Mature controls are automated controls. If you leave staff to send emails as part of a process, data will leak and will breach. The Home Office may blame human error, but the fact is humans can only make mistakes if the processes are not automated.

Last edited 3 years ago by Darren Wray
Tim Mackey
Tim Mackey , Principal Security Strategist, Synopsys CyRC (Cybersecurity Research Center)
March 3, 2020 11:20 am

The ICIBI review of EUSS practices highlighted 100 instances of applicant data potentially being mishandled – a situation concerning in light of GDPR. Of these 100 instances, 63 were traceable to documents being misplaced by the postal services. In looking at the remaining instances, we see the impact of improving processes where by August 2019 EUSS employees were able to identify that six incidents were from documents being returned to applicants at addresses containing typographical errors written by the applicants.

As with any government scheme, particularly one which directly engages with people for whom English isn\’t a primary language or who are members of vulnerable groups, the utmost care is required in handling their personal information. While no system is ever perfect, ongoing reviews and process improvements are key to ensuring that security gaps are addressed quickly while maintaining public trust.

Last edited 3 years ago by Tim Mackey

Recent Posts

Would love your thoughts, please comment.x