UK Home Office Data Loss

The United Kingdom’s Home Office, a department of the government that is responsible for immigration, security, and law and order, reported a 120% increase in data loss incidents during the fiscal year 2019-20. According to the Home Office’s Annual Report and Accounts 2019-20, there were a total of 4,204 individual incidents in that fiscal year, while the previous report from 2018-19 cited less than 2,000 incidents. While these statistics are startling enough, the breakdown of specific data loss incidents within the Home Office exemplifies the lack of security in the organization.

Individual Data Loss Incidents

The majority of data loss incidents were due to inadequately protected electronic equipment, devices, and other documents from outside secured government premises. There were more than 2,000 incidents of this nature, which accounts for more than half of all data loss incidents that occurred.

The next most common scenario was lost equipment or documents from secured government premises with 946 cited incidents. Overall, 25 incidents were classified as severe, leading the Home office to report them to the Information Commissioner’s Office, a non-departmental public body that reports to the UK Parliament. Some of these data loss examples were the result of unauthorized disclosure.

GDPR Fines Abound

Earlier this year, the Home Office breached the General Data Protection Regulations after mishandling the data of EU citizens. This is not the first time that the GDPR was breached in 2020, with multiple countries fining companies for a lack of proper security measures. Here are just a few of the GDPR fines that have been imposed this year:

  • March 2020, the Data Protection Authority of Sweden fined Google for not removing people’s personal information who had requested to be excluded from search results. Total amount: $8,237,810 US Dollars
  • June 2020, a health insurance organization in Germany sent marketing messages to 500 people without consent and did not take appropriate measures to protect personal data. Total amount: $1,459,107 US Dollars
  • August 2020, The French Data Protection Authority set a fine on online retailer SPARTOO for collecting too much information in multiple formats, retaining data for five years instead of two, and by keeping unencrypted scans of bank cards among other violations. Total amount: $294,143 US dollars

Protecting Data with Encrypted Storage

Any data that an organization collects legally should be stored properly within an organization’s walls for the appropriate amount of time. Yet, the leading cause of data loss for the Home Office was inadequately protected devices. Having hardware encrypted storage offers built-in protection for sensitive data. The SecureDrive products are hardware encrypted and require secure authentication through either PIN entry on a keypad or through a secure mobile app.

The authentication methods on these drives also resolve the issue of unauthorized disclosure by keeping data access in the hands of the admin for the device. In terms of protecting data if the device itself becomes lost, the SecureDrives have brute force anti-hacking technology in which the data is wiped clean from the device after 10 consecutive failed PIN or password entries. With our BT model SecureDrive, a user can remotely wipe the drive from anywhere in the world using their mobile device.

Any organization that deals with sensitive data, especially information from the Home Office regarding immigration and security, needs a secure storage solution. The SecureDrives are GDPR compliant, HIPAA compliant, and are FIPS 140-2 Level 3 Validated for government-level security. Learn more about these products for your organization on our website.