According to the Information Commissioner’s Office (ICO, the UK government’s Home Office has been responsible for more than 20 data breaches a month in the administration of the EU settlement scheme, including losing passports and sending ID cards to wrong addresses.
The Independent Chief Inspector of Borders and Immigration (ICIBI) said the scheme breached General Data Protection Regulation (GDPR) law 100 times between April and August last year – which campaigners said had “sinister implications” for the planned digitisation of the wider immigration system.
A report by the immigration watchdog also raised concerns about a lack of support for vulnerable applicants, hidden costs of applying and a lack of transparency and detail in the Home Office data.
Campaign groups supporting EU nationals applying for settled status said the findings backed up EU citizens’ worries about the Home Office losing, sharing or deleting their records and data, and said it highlighted the risks of digital-only systems.
In total, 3.2 million people have so far registered for EU settled status, which they must obtain in order to continue living legally in the UK after June 2021. Of these, 2.7 million have been granted status – meaning around 500,000 applications are currently going through the system.
The Home Office apologised last April for committing a potential data breach of EU nationals after “inadvertently” sharing the email addresses of 240 applicants with others who had applied under the scheme.
But the ICIBI report revealed there had been scores of other data breaches in the handling of EU nationals’ documents and information in the space of less than half a year, including 13 incidents of ID documents being misplaced within the EU settlement scheme office and 27 incidents of personal documents being sent to the wrong address.
Chief Inspector David Bolt said:
Data breaches damage public confidence, and applicants will blame the Home Office, whether or not this is fair. It is therefore important for the Home Office to do everything it can to keep breaches to a minimum. Most appear to have involved document handling errors, and these should be easiest to prevent with clear instructions and good organisation. …
The information provided to inspectors regarding data breaches was concerning, not least the increase in breaches each month between April and July 2019. Most of those to the end of June were due to a postal company rather than EU settlement scheme staff or processes.
Source: Independent