Login to access your account

Sat, 4 April 2020

Personalise Your Politics

Subscribe now
The House Live All
Home affairs
By Policy Exchange
Press releases

EXCL Home Office reports itself to data watchdog after Settled Status emails breach

EXCL Home Office reports itself to data watchdog after Settled Status emails breach

Emilio Casalicchio

4 min read

The Home Office has been forced to report itself to data watchdogs after it accidentally shared the emails of hundreds of EU citizens applying to stay in the UK after Brexit.

The department apologised after it failed to mask the addresses in a group email to applicants of the controversial Settled Status scheme.

A Conservative MP said he was “disappointed” that his warnings about the residency process were being ignored and called on the Government to scrap the “morally repugnant” system.

Labour said people dealing with the Home Office were suffering “a combination of indifference, incompetence and the hostile environment”.

Some 240 email addresses were revealed on Sunday 7 April after the department failed to use the commonly-known 'bcc' function, which blanks out the details of other recipients.

It was contacting applicants who had faced technical difficulties while trying to apply to keep their rights in the UK after Brexit.

In a fresh email last night, the Home Office apologised to those concerned and insisted all other personal data held by the department remained safe.

PoliticsHome understands the Home Office has notified the Information Commissioner Office of the breach but has not issued a formal report to the watchdog.

It means the ICO will consider the evidence and decide whether or not to launch a full inquiry.

Danish national Natasha Jung, who was caught up in the debacle, said on Twitter: “When will the UK wake up and realise that EU citizens are being treated as second class citizens?

“We have had zero say in the entire process, despite Brexit affecting us the most.”

It comes after the Home Office admitted earlier this week that it had revealed private email addresses as the Windrush compensation scheme was launched.

Shadow Home Secretary Diane Abbott said: “Data breaches are now a matter of routine, while all those who are unfortunate enough to have to deal with the Home Office face a combination of indifference, incompetence and the hostile environment.”

She urged the Government to make a Commons statement and noted: “Formerly, ministers would feel obliged to resign over negligence like this.”

Yvette Cooper, the Labour chair of the Home Affairs Select Committee, said: "For the Home Office to make the same basic mistake on data protection with EU citizens as it has just made with Windrush cases is extremely serious and raises major questions about Home Office systems and competence."


Tory MP Alberto Costa told PoliticsHome: “I have repeatedly advised the government of the foreseeable problems that are now, sadly and unsurprisingly, arising with the Settled Status Scheme.

“I am very disappointed that my warnings are not being heeded.

“The Home Secretary, Sajid Javid, must now listen to those of us who are arguing that this registration process is fundamentally wrong, un-british and morally repugnant.”

He added: “This issue is toxic and must be rethought as a matter of urgency.”

Lib Dem Home Affairs spokesman Ed Davey added: “The Settled Status scheme only launched two weeks ago, and already the Home Office is proving it can’t be trusted to manage it properly.

“We’ve already heard far too many cases of EU citizens facing technical problems or being wrongly refused. Now 240 have had their privacy compromised.

“And it will only get worse if Brexit goes ahead. On this evidence, we are heading straight for another Windrush scandal.”


But the Home Office said: “In communicating with a small group of applicants, an administrative error was made which meant other applicants’ email addresses could be seen.

“As soon as the error was identified, we apologised personally to the 240 applicants affected and have improved our systems and procedures to stop this occurring again.”

The department added that it had improved its email systems and procedures since the breach, as well as checks before communications are sent out.

An ICO spokesperson said: “The Home Office have made us aware of an incident in relation to the EU Settlement Scheme and we will assess the information provided.”

The Settled Status scheme, which has been trialled for months and was rolled out across the country at the end of March, allows EU nationals and their families to secure their rights in the UK after Brexit.

It is open to those who have lived in the country for five years or more, while those who have lived in Britain for less time can apply for ‘pre-Settled Status’.


Brexit Home affairs
Partner content
The Cybersecurity Summit

Join Cyber Security and ICT professionals from across central government, local government, law enforcement and wider public sector, to tackle key issues at the heart of UK public sector.

Find out more

Partner content
NICE Annual Conference 2020

NICE 2020: Connecting evidence, people and practice showcases the latest developments in clinical improvement, health technologies and patient-centred quality care.

Find out more