Foreign Office breached Data Protection Act
- Reduce text size Decrease text size
- Increase text size Increase text size
- Print article Print
- Jump to comments Comment
- Share this article Share
- Email article to a friend Email
Visa application site exposed 50,000 Indian citizens....
The UK’s Foreign Office was complicit in exposing of personal details of thousands visa applicants to the public web, the privacy watchdog the Information Commissioner’s Office (ICO) has found. It has therefore broken the terms of the Data Protection Act,
According to a Channel 4 investigation into the leak, identity data relating to 50,000 Indian citizens was insecurely stored by a visa application website.
Development and management of the offending website had been outsourced to VFS, an Indian company that also holds UK government contracts for similar sites in Russia and Nigeria. The government’s dealings with VFS are now under review.
A report from the ICO on the incident concluded that data security had not been a high enough priority in the project specification. "Sound security needs to be woven into the business and cannot be simply bolted on as an extra," the report reads.
Further reading
Commisioner lambasts data protection UK CEOs accused of "horrifying" lack of concern.
Find more stories in the Security & Continuity Briefing Room
