The Information Commissioner's Office has found the Identity and
Passport Service in breach of the data protection act after it lost 21
passport renewal applications
The loss occurred in May 2010 and included the personal data of both
applicants and their countersignatories.
All the individuals affected were informed and offered new passports
and no complaints have been received to date, said the ICO. The IPS
has also signed an undertaking and has agreed to put in place a number
of measures including ensuring that staff are aware of policies for
the storage and use of personal data and IT security.
It has also agreed to carry out and document regular inspections of
the security of the methods used for the processing of personal data
as well as undertake regular audits, where an appointed data processor
carries out certain tasks on its behalf.
Mick Gorrill, head of enforcement at the ICO, said: "A passport is an
important identification document and it is clearly of concern that
information relating to renewal applications has been lost.
"However, there is no evidence to suggest that the applications have
fallen into the wrong hands and we are pleased that the Identity and
Passport Service is taking steps to stop this happening again."
A spokesman for the IPS said that it takes the security of its
customer data "extremely seriously", and added that immediate action
was taken to cancel the application information.
"An internal security review has since been carried out and we have
already significantly tightened our processes to prevent such an
incident happening again," he said.
"During the past five years the IPS has safely handled more than 25
million passport applications."
No comments:
Post a Comment