The UK Home Office has apologised to 240 EU citizens who applied for settled status in the UK after it accidentally shared their personal details via email — the blunder, which was apparently a mundane administrative error, could constitute a breach of the Data Protection Act.
Applicants received an email from the department on 7th April asking them to resubmit their information — but the addresses of other applicants to whom the email had been sent weren't hidden. The Home Office then sent another email asking recipients to delete the previous missive.
A mere day after the embarrassing flub, immigration minister Caroline Nokes apologised to the Windrush generation after 500 private email addresses were mistakenly shared with recipients of a mailing list for the compensation scheme.
"In communicating with a small group of applicants, an administrative error was made which meant other applicants' email addresses could be seen. As soon as the error was identified, we apologised personally to the 240 applicants affected and have improved our systems and procedures to stop this occurring again," a Home Office spokesperson said.
Were it not for affected individuals publicising the case, it may well have gone entirely unreported and unacknowledged — the Home Office has a proven track record of failing to report data breaches to the Information Commissioner's Office, as the department is required to by law. In 2015 alone for instance, there were 33 instances of unreported data breaches.