The Identity and Passport Service (IPS) breached the Data Protection Act by losing the passport renewal applications of 21 individuals, the Information Commissioner’s Office (ICO) said today.
The loss occurred in May 2010 at the passport office that was responsible for processing the applications, and the ICO was subsequently informed. The missing details included the personal data of both the applicants and their countersignatories. All of the individuals affected were informed and offered new passports, and no complaints have been received. IPS is unaware of any damage having been caused as a result of the loss.
Mick Gorrill, Head of Enforcement at the ICO, said:
“A passport is an important identification document and it is clearly of concern that information relating to renewal applications has been lost.
“However, there is no evidence to suggest that the applications have fallen into the wrong hands and we are pleased that the Identity and Passport Service is taking steps to stop this happening again.”
Sarah Rapson, Chief Executive of the Identity and Passport Service, has signed an undertaking for and on behalf of the Secretary of State for the Home Department – the data controller as defined in section 1(1) of the Data Protection Act. The IPS has agreed to put in place a number of measures including ensuring that staff are aware of policies for the storage and use of personal data and IT security, and that they are trained in how to follow them.
IPS has also agreed that it will carry out and document regular inspections of the security of the methods used for the processing of personal data, and that it will undertake regular audits where an appointed data processor carries out certain tasks on its behalf.
A full copy of the undertaking can be viewed here:
http://www.ico.gov.uk/what_we_cover/promoting_data_privacy/taking_action.aspx#undertakings
Source: Information Commissioner’s Office