The United Kingdom is currently processing its Brexit documents to complete the process of leaving the European Union for good. But it is now at the very center of another controversy as 240 EU-member state nationals applying for EU settlement scheme program had their email addresses leaked from the UK Home Office due to an “administrative error.” The office sent apology emails to all 240 people affected by the leak, the leak was caused by an accident when the intended bulk email was sent to the same 240 recipients using the CC line, instead of the BCC line which effectively revealed the email addresses to everyone.
The EU Settlement Scheme is designed for non-UK citizens, but EU nationals can settle within the UK even after Brexit. In order for Europeans to qualify for the privilege, they need to apply by sending their contact information, with no criminal record and proof of family relationship. One recipient of the apology email was Natasha Long, who openly shared her email to the public.
“We inadvertently shared your email address with other applicants on 7 April 2019. We take this opportunity to apologise for any inconvenience caused by this incident. We value your patience and understanding at this time. We would like to reassure you that we are taking this matter very seriously. As all the different stages of our email process are monitored for training and continuous improvement purposes, we will be addressing this issue with our agents,” explained UK Home Office in the email sent to Ms. Long.
The UK Home Office, no other information about the users were leaked other than the email address. The agency also reiterated that they have an IT security policy that prevents unauthorized access of personal information beyond the team that processes the said data for the settlement scheme.
“Regrettably, it has come to my attention that on Sunday 7 April three emails were sent that did not follow the appropriate procedure and 240 email addresses were made visible to other recipients. No other personal data was included in the communication. We have written to all individuals who received this email to apologise. The Departmental Data Protection Officer has been informed and the Department has voluntarily notified the Information Commissioner’s Office of the incident,” emphasized Baroness Williams of Trafford, UK Home Office’s Minister of State.
There is really a problem on how the UK government sends email in a private manner, as the issue with the UK Home Office email address leak is not a unique case. The same mailing list leak happened with the Minister of State for Immigration with the Windrush compensation scheme which happened a day after on April 8, 2019, Monday. Caroline Nokes who heads the agency issued a public apology due to the incident.
“Regrettably, in promoting the scheme via email to interested parties, an administrative error was made which has meant data protection requirements have not been met, for which the Home Office apologises unreservedly. This occurred in emails sent to some of the individuals and organisations who had registered an interest in being kept informed about the launch of the compensation scheme, which included other recipients’ email addresses. Five batches of emails, each with 100 recipients, were affected. No other personal data was included,” said Caroline Nokes.