FCO Investigated for Unsecure UKvisas Website
The FCO (Foreign and Commonwealth Office) has violated the Data Protection Act as a result of exposure of personal information of those people who applied for visas, the Information Commissioner's Office confirmed on November 13, 2007 on the basis of an investigation.
In May 2007, it was found that UKvisas, the agency comprising of the Home Office and FCO Directorate and responsible for processing visas, was unsecure as the details of some applicants became visible to each other. An investigation was launched on the initiation of the Information Commissioner's Office after it was alerted of the security problem on the website of UKvisas. The website is the result of the efforts of VFS Global, a partner to UKvisas.
While the investigation was on, the FCO extended full cooperation to the ICO and provided it with an exclusive report on the basis of an independent probing into the security breach. According to the report, the breach made an impact on nearly 50,000 Internet-based visa applications to the British High Commission in India.
Assistant Commissioner Mick Gorrill at the Information Commissioner's Office said that organizations were bound to secure personal information as per rules of the Data Protection Act. Organizations failing to keep up to this responsibility could put individuals at risk of identity theft in addition to losing their trust and confidence. Gorrill added that the ICO scrutinizes any organization that violates the Act and it would not deter to act appropriately against that organization. EGov Monitor reported this on November 13, 2007.
The FCO is now required to accept a formal undertaking as per the ICO's directions and assure its future compliance with the rules of the Data Protection Act. If FCO fails to fulfill the terms and conditions of the undertaking, it may mean enforcement of further action on it by the ICO.
The document also stipulates that UKvisas must strategically review the processing of data and audit its procedures for data security, monitor the Visa4UK Website for security on a regular basis, and impart continuous training to the staff of UKvisas on data protection, as part of the more mandatory actions.
Related article: Fake Spam Mail Announces Australian PM’s Heart Attack
» SPAMfighter News - 26-11-2007