By Tim Ferguson, 14 November 2007 13:03
NEWS
The Foreign and Commonwealth Office (FCO) has been found to have breached the Data Protection Act following an investigation.
The Information Commissioner's Office (ICO) investigated the FCO after Channel 4 News alerted it to the fact personal details belonging to visa applicants were accessible by anyone visiting certain websites.
Security from A to Z
Click on the links below to find out more...
A is for Antivirus
B is for Botnets
C is for CMA
D is for DDoS
E is for Extradition
F is for Federated identity
G is for Google
H is for Hackers
I is for IM
J is for Jaschan (Sven)
K is for Kids
L is for Love Bug
M is for Microsoft
N is for Neologisms
O is for Orange
P is for Passwords
Q is for Questions
R is for Rootkits
S is for Spyware
T is for Two-factor authentication
U is for USB sticks/devices
V is for Virus variants
W is for Wi-fi
X is for OS X
Y is for You
Z is for Zero-day
The ICO was alerted to a security breach on the website of UKvisas, the joint Home Office and FCO Directorate responsible for visa processing, and immediately launched an investigation into the site. The problem emerged back in May on the visa application websites run by UKvisas' commercial partner, VFS.
As soon as the breach was exposed, UKvisas closed down all of the VFS-run websites in India, Nigeria and Russia in order to rectify the problem.
The FCO has signed a formal undertaking to comply with the Data Protection Act, with failure to do so resulting in further ICO action.
Mick Gorrill, assistant commissioner at the ICO, said organisations have a duty to keep personal information secure and failure to do so will lead to people losing confidence and trust in them.
Mark Sedwill, director of UKvisas, said the organisation regrets mistakes were made but no evidence has been found the details were exploited and no visas were wrongly issued as a result.
Comments
There are 3 comments. Join the discussion
1. Karen Challinor
so the foreign office will receive a token slap on the wrist, and be told to take the information off line
no one important will be sacked
no one important will be fined
a few harsh words may be exchanged but that will be about it
the FO may or may not comply with the ICO directive as the ICO has no actual power to enforce it's judgement
once the fuss dies down the data will reappear somewhere else because it's useful to the FO have it on line
it's a cosmetic exercise, the only people the ICO has any power over are people who are not in government departments
no one is above the law but there seems to be one law for those who make the rules and a completely different law for the rest of us
2. Richard Davies
Will they do that with ID Card details as well!?!?
3. Anon
Don't be silly, Richard, of course they'll do exactly the same thing with ID cards (if they're around long enough to implement them - which I wouldn't bet on). Govt IT & security disasters are a little bit like bread & butter 'you can't have one without the other'