Latest News

Home Office reports 9,205 personal data incidents over past year

The Home Office, the lead government department responsible for immigration, security and law and order, has recorded 9,205 personal data incidents over the past year.

In the Home Offices’ Annual Report and Accounts 2021-22 it was reported that over 9,205 personal data incidents occurred from April 2021 to March 2022, with 13 being reported directly to the Information Commissioner’s Office (ICO).

Of the 13 incidents formally reported to the ICO, seven were reported as an unauthorised disclosure of information, one was reported as a device or paper document lost outside of secured government premises, and the remaining five were listed as ‘other’.

In total, 9,192 personal data incidents were not reported to the ICO, but were recorded internally, 5,959 of which were devices and documents lost outside of secured government premises.

Unauthorised disclosures of information accounted for 1,826 incidents, 348 incidents were reported as the loss of devices or documents inside government premises, whilst 1,059 incidents were recorded as ‘other’.

The Home Office noted that it “has continued to improve both awareness and education around the identification of personal data related incidents and this has led to the increase in reported incidents across all categories. This represents a move towards a more robust level of assurance as confidence in positive behaviours around incident handling grows.”

Cybersecurity expert Achi Lewis, Area VP EMEA for Absolute Software commented: “It is a difficult task for large organisations like the Home Office to effectively manage a large, work from anywhere workforce with devices logging on from so many different locations. It is great to see that the Home Office has taken action with increased reporting and education to identify threats and incidents in order to mitigate cyber risks.”

“Deploying a resilient zero trust solution is an important tool to allow organisations to monitor their devices in the world of hybrid working, giving them the power to freeze, or even shut off, devices when they are lost, protecting the data stored on that device and preventing potential breaches across the rest of the network” he continued.

The past year saw an 85 per cent increase in the number of reported personal data incidents, rising from 4,984 in FY 2020-21 to 9,205 total incidents in FY 2021-22.