Home Office curbs bulk emails following data breach

The Home Office has introduced new rules for mass messaging for communication with citizens after exposing the email addresses of hundreds of applicants for the government’s EU settlement scheme.

The breach occurred on 7 April, when the department revealed that 240 personal email addresses had been exposed in error when asking EU citizens to resend their information. A similar error exposed email addresses of applicants to the Windrush compensation scheme earlier this month.

In a written statement, immigration minister Caroline Nokes said the Home Office normally responds to generic enquiries in batches and the process is such that recipients would not be able to see each other’s addresses.

Nokes said the Home Office had apologised to affected users, had voluntarily notified the Information Commissioner’s Office and had taken steps to prevent future issues around the protection of personal data.

“As a further immediate step, we have put in place strict controls on the use of bulk emails when communicating with members of the public to ensure this does not happen again as lessons are learned,” the minister said.

She stressed the fact that no other personal data was included in the communication to those affected by the breach.

An internal review is under way to “determine the details of what happened and the lessons that need to be learned”, said Nokes.

An independent review of the Home Office’s compliance with its data protection obligations has also been commissioned.