The Home Office has been reprimanded by a watchdog after sensitive anti-terrorism documents were left at a London location.
The documents, which were handed over to the police in September last year after being found by site staff, included two reports from the Government Department’s Extremism Analysis Unit and a report from the counter-terrorism police.
Both contained personal data, including that of Metropolitan Police personnel, the Information Commissioner’s Office (ICO) said.
READ MORE: Trade minister Conor Burns sacked following complaints about his behavior at a Tory party conference
The watchdog found that the Home Office ‘failed to ensure an appropriate level of security for personal data’ and for documents classified as ‘official sensitive’, Home Secretary Suella Braverman said. , the department’s data controller, with a formal reprimand.
Information Commissioner John Edwards said: ‘Government officials are expected to work with sensitive documents in order to run the country. There is an expectation, both in law and from the people the government serves, that this information will be treated respectfully and securely.
“In this case, it did not happen, and I expect the department will take steps to prevent similar errors in the future.”
The investigation also concluded that the Home Office did not have a proper process for signing documents from its offices and should have reported the incident to the ICO within 72 hours.
In a letter to Home Office Permanent Secretary Matthew Rycroft, the ICO said the breach was not reported by the department until April 4 this year, although its staff were notified the following day. of the incident.
An envelope containing four documents classified as “official sensitive” was found at the scene by staff on September 5, 2021.
They handed them over to the police the following day, who returned them to the Interior Ministry.
The documents contained the personal details of two Met staff and an “overseas UK visa applicant who is the subject of the documents”.
A Cabinet Office investigation concluded that the Home Office was the most likely source of the documents.
The ICO did not specify where the incident occurred and declined to confirm the type of location other than that it was a “public” location.
A spokeswoman for the body said providing details of the location was “not necessary”.
The Home Office has since taken steps to prevent similar breaches from happening in the future, the ICO said, but called for more improvements, including a review of how these documents must be processed, an appropriate process for signing office documents. and a review of staff training on handling records containing personal data.
Responding to the ICO’s rebuke, a spokesperson for the Home Office said: “The UK has one of the strongest and most transparent oversight regimes for the protection of personal data and privacy all over the world.
“We note the decision released today by the Information Commissioners Office and will consider its implications.
“We continue to ensure that strong controls and independent oversight are in place to ensure that we are in full compliance with the requirements for the processing of personal data.”