UK Home Office apologizes to 240 EU citizens for accidentally leaking their email addresses
- The UK Home Office has sent an apology email to the 240 EU citizens for accidentally leaking their email addresses.
- Home Office has implemented strict controls on the use of bulk emails when communicating with members of the public in order to avoid such an incident from happening in the future.
What is the issue - The UK Home Office has inadvertently leaked the email addresses of almost 240 EU citizens who applied for the EU Settlement Scheme.
What happened - While communicating with a small group of applicants via email, an administrative error was made. All the recipients’ email addresses were included in the CC field instead of BCC, which exposed the email addresses of the applicants to other applicants.
What is EU Settlement Scheme - The EU Settlement Scheme is a program through which EU citizens and their families will be able to apply to get either settled or pre-settled status.
The big picture
The UK Home Office has sent an apology email to the 240 EU citizens for accidentally leaking their email addresses.
Danish citizen Natasha Jung who received the apology email shared it on Twitter and said that the UK is treating EU citizens as second class citizens.
“#Brexitshambles #EUdatabreach Sunday evening I had my data breached by the Home Office. When will the UK wake up and realize that EU citizens are being treated as second class citizens? We have had zero say in the entire process, despite Brexit affecting us the most,” Jung tweeted.
Contents of the email
“Dear Natasha Jung, It has been noted that in our attempt to gather further data from eligible applicants, in order to appropriately establish the reasons behind the technical difficulties they have been experiencing and effectively resolve them, we inadvertently shared your email address with other applicants on 7 April 2019.
We take this opportunity to apologize for any inconvenience caused by this incident. We value your patience and understanding at this time.
We would like to reassure you that we are taking this matter very seriously. As all the different stages of our email process are monitored for training and continuous improvement purposes, we will be addressing this issue with our agents.
As with any government online service, the security and safeguarding of personal information, is of the utmost importance to us.
Please rest assured that the personal information you have already supplied, or which has since been collected, for the purposes of making and considering your application for status under the EU Settlement Scheme, remains unaffected; it is safely stored by the Home Office in accordance with the required Data Protection Act 2018,” the apology email read.
What actions were taken?
- Upon learning about the incident, the UK Home Office has apologized to the 240 EU citizens.
- It has notified the Information Commissioner’s office and has informed the Departmental Data Protection Officer about the incident.
- Home Office is conducting an internal review to determine the details of the incident.
- The department has also taken necessary steps to ensure that the public’s personal data are protected.
- It has also implemented strict controls on the use of bulk emails when communicating with members of the public in order to avoid such an incident from happening in the future.
“The Home Office takes its data protection responsibilities very seriously and is committed to the continued improvement of its performance against the UK’s high data protection standards. As a Department we have been taking steps to ensure we have the culture, processes and systems in place to treat the public’s personal data appropriately,” Baroness Williams of Trafford, the Minister of State, Home Office said in a statement.
“As a further immediate step we have put in place strict controls on the use of bulk emails when communicating with members of the public to ensure this does not happen again as lessons are learned. An independent review of the Department’s compliance with its data protection obligations has also been commissioned which will be led by Non-Executive Director Sue Langley and will report in due course,” Williams added.