The Foreign and Commonwealth Office

What
Loss of personal data

How much
Unknown.

Why
The ICO was informed by Ukvisas that there had been a breach of security in the VFS online visa application facility. The security breach resulted in the personal data of persons applying for visas to enter being viewable by others.

Regulator
ICO

Regulatory action
Undertaking issued to ensure that the VFS on-line application websites will not be re-opened and will be replaced by visa4UK. A strategic review of data processing will be undertaken by UKvisas in order to strengthen Data Protection Act risk management processes and a detailed audit carried out of the data processor’s data security procedures. The website will be regularly monitored and adequate and relevant data protection will be given to all UKvisas staff on an ongoing basis.

Reason for action
The ICO had received a complaint about the data controller’s breach of the Seventh Data Protection Principle.

When
19 October 2007

Links
View PDF of the Foreign and Commonwealth Office Undertaking (Breach Watch Archive)

FCA/FSA (7)	£ 7,777,000
ICO DPA (55)	£ 5,573,500