The Foreign and Commonwealth Office

Loss of personal data

How much

The ICO was informed by Ukvisas that there had been a breach of security in the VFS online visa application facility. The security breach resulted in the personal data of persons applying for visas to enter being viewable by others.


Regulatory action
Undertaking issued to ensure that the VFS on-line application websites will not be re-opened and will be replaced by visa4UK. A strategic review of data processing will be undertaken by UKvisas in order to strengthen Data Protection Act risk management processes and a detailed audit carried out of the data processor’s data security procedures. The website will be regularly monitored and adequate and relevant data protection will be given to all UKvisas staff on an ongoing basis.

Reason for action
The ICO had received a complaint about the data controller’s breach of the Seventh Data Protection Principle.

19 October 2007

View PDF of the Foreign and Commonwealth Office Undertaking (Breach Watch Archive)