Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Foreign Office breached Data Protection Act

Security hole meant personal data of people applying for UK visas was visible to other users

The UK Foreign Office has been slammed for breaching the Data Protection Act after a probe by the Information Commissioner into a security flaw on a website used by people applying for UK visas.

The Information Commissioner's Office launched an investigation after being alerted in May to the security error on the UKvisas website provided by VFS Global, a commercial partner of the joint Foreign Office and Home Office agency, UKVisas.

The security hole meant that the personal data of people applying for visas to enter the UK was visible to other website users.

Independent investigators, led by Linda Costelloe Baker, have also probed the security breach, painting a damning picture of "organizational failures" by both the government agency and its contractor.

The investigation strongly criticized UKVisas' outsourcing of the online service to a firm that is not an IT specialist, the contractor's performance and the failure to respond adequately when the security hole was first revealed in December 2005.

The ICO based its ruling on the findings of the Costelloe Baker report.

But the watchdog body stopped short of slapping an enforcement notice on the Foreign Office, opting instead to require the department to sign a formal undertaking to comply with Data Protection Act principles in future.

Failure to meet the terms of the undertaking was likely to lead to further enforcement action, the ICO said.

Mick Gorrill, assistant commissioner at the ICO, said: "Organizations have a duty under the Data Protection Act to keep our personal information secure. If organizations fail to take this responsibility seriously, they not only leave individuals vulnerable to identity theft but risk losing individuals' confidence and trust. We investigate any organization in breach of the Act and will not hesitate to take appropriate action."

The undertaking commits the Foreign Office to scrapping the VFS online application website and replacing it with the visa4UK online application service -- a commitment already made by foreign secretary David Miliband.

UKvisas must also carry out a strategic review of data processing and a detailed audit of its data security procedures, regularly monitor the security of the visa4UK website and provide continuing data protection training to UKvisas staff, the document stipulates.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: ACT, ICO

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Whitepapers
Latest Stories
Community Comments
Latest Blog Posts
Whitepapers
  • 10 Essential Steps to Email Security
    Modern business is reliant on email. All organisations using email need to answer the following questions: How do we control spam volumes without the risk of trapping a business email? How do we prevent infections from email-borne viruses? How do we stop leakage of confidential information? Can we detect and stop exploitation from phishing attacks? How do we control brand damage from occurring due to employee misuse? How do we prevent inappropriate content from being circulated?
    Learn more »
  • Protecting Against the Leading Causes of Data Breach
    This whitepaper was written for the organisation that wants to focus on prevention of data loss and doesn’t have millions to spend, but needs affordable solutions that can be implemented today to protect millions of sensitive records and dollars worth of intellectual property. This whitepaper addresses: - What organisations can do to prevent the four leading causes of data breaches - Why dedicated (pure-play) DLP solutions may not protect you from all four leading causes of data breaches - How to get prevent sensitive data leaving your organisation
    Learn more »
  • Blurring boundaries: The disappearing gap between work and home life
    Call it multi-tasking, life-splicing or bleisure but increasingly, fuelled by advances in technology, employees are blurring the boundaries between home and work. ‘Generation Standby’ employees, never truly ‘switched off’ and always ready to be called upon, are now enjoying, and expecting, greater levels of flexibility and mobility than ever before. Read on.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments

HP and IDG news, product videos and resources