The Information Commissioner's Office today found the Foreign and Commonwealth Office in breach of the Data Protection Act following an investigation into a security breach on the online application facility for UK visas.
The breach on the UK visas website allowed visitors to the site to see personal data of people applying for entry visas to the UK. A tip-off from Channel 4 alerted the Information Commissioner's Office in May. It launched an immediate investigation into the site, which is run jointly by the Home Office and Foreign and Commonwealth Office Directorate responsible for visa processing.
"The FCO cooperated fully with the ICO during the course of the investigation and provided the ICO with an independent report into the breach," the Information Commissioner's Office said in a statement. An Information Commissioner's Office spokesman said it had also used a report commissioned by the Foreign and Commonwealth Office from an independent investigator in its own investigation.
At the request of the Information Commissioner's Office, the Foreign and Commonwealth Office has signed a formal undertaking to comply with the principles of the Data Protection Act. "Failure to meet the terms of the undertaking is likely to lead to further enforcement action by the ICO," the Information Commissioner's Office said.
Read more on IT risk management
‘Victory for free speech and openness’ after tribunal confirms no territorial restrictions to FOIA
Journalists’ FOI bids stayed as court reconsiders freedom of information rights of people outside UK
Ticketmaster fined £1.25m by ICO for failing to protect customer data
Max Schrems’s mass surveillance complaint knocked back another year or two by Irish judge