(Dieser Artikel ist auch in deutscher Sprache verfügbar)
Following an investigation into the online visa application system for UK, the Information Commissioner's Office (ICO) ruled on 13 November 2007 that the Foreign and Commonwealth Office (FCO) was in breach of the Data Protection Act, having failed to properly protect visa applications made over the Internet through its UK visas website.
The site is run by FCO together with the Home Office and is outsourced to an Indian company called VFS. The problem was first signalled by a member of the public who alerted VFS being concerned of the fact that he could read details about other applicants. But only this year have VFS and FCO admitted there was a problem after the issue was brought out by a Channel 4 News investigation showing the visa applicant data was not secure.
The ICO investigation has shown that at least 50 000 applications to the British High Commission in India were affected and found "inadequate central control of the moves to outsourcing" stating that officials had a "piecemeal" approach to privacy. The report concluded that: "The earlier contracts paid insufficient attention to the requirements of the Data Protection Act and to basic IT security."
FCO fully cooperated with ICO during the investigation also providing ICO with an independent report into the breach. ICO asked FCO to sign a formal undertaking to comply with the Data Protection Act which comprises the eight basic principles of personal data protection.
"Organisations have a duty to keep our personal information secure (...) If they fail to take this responsibility seriously, they not only leave individuals vulnerable to identity theft, but risk losing confidence and trust" said Mick Gorrill, assistant commissioner at the Information Commissioner's Office.
Failure by FCO to meet the terms of the undertaking may lead to further action by the ICO.
Foreign Office in breach of the Data Protection Act - ICO Press Release
(13.11.2007)
http://www.ico.gov.uk/upload/documents/pressreleases/2007/fco_undertak...
Government broke data protection laws (14.11.2007)
http://www.guardian.co.uk/technology/2007/nov/14/data.protection.breac...