More than 50 data breaches have been reported by the Passport Service to the Data Commission since the start of 2018.
Staff error has been blamed as the reason for many of these breaches, with passports being posted to the wrong address in the majority of cases.
The Passport Service also revealed that it received 247 complaints between January 1, 2018 and March 1, 2019. In that period, 1,008,089 passport applications were received.
It also confirmed that in 2018, 49 data breaches were recorded. In 2019, there were six more recorded between January 1 and March 1.
The most common data breach was “the unauthorised disclosure of a passport to a third party by virtue of the passport being posted to the wrong address,” the Passport Service said in a statement.
“The Passport Service processes in excess of 800,000 applications per year. The Passport Service endeavours to safeguard the personal data of applicants and takes its responsibilities in this regard very seriously,” a spokesperson said.
We monitor closely our compliance rate; in 2018, just 0.006% of the total applications which were processed were subject to a suspected data breach.
The Passport Service said steps have been taken to reduce this figure. This includes reporting all lost passports to Interpol for stop listing, and issuing free replacement passports to affected parties.
A spokesperson said: “Data protection training is a key element of the training programme provided by the Passport Service’s dedicated training unit. All staff are aware of the implications of data protection legislation and their responsibilities.
“Staff are fully informed as to best practice in handling and safeguarding personal data in the workplace. Data protection awareness continues to be a core element of the induction training provided to all new Passport Service staff on commencement of employment.
“The Passport Service has implemented a Clean Desk Policy which seeks to maintain and improve the security and confidentiality of all personal data held by the Passport Service, whilst also mitigating the likelihood of supporting documents or passports being sent to a third party in error.”