[BreachExchange] GOVERNMENT LOSES LEGAL CHALLENGE OVER EXTENT OF DATA BREACH INVOLVING 1, 600 IMMIGRANTS

Mon Jun 18 18:38:22 EDT 2018

https://www.careappointments.co.uk/care-news/england/item/44437-government-loses-legal-challenge-over-extent-of-data-breach-involving-1-600-immig

The Government has lost a legal battle arising out of a data breach when
personal details of almost 1,600 immigrants were published online.

Leading judges in London were asked to rule on the extent of Home Office
liability over the "misuse of private and confidential data" which resulted
from the "error" in October 2013.

In 2016, the High Court awarded damages to a man who was among those whose
details were revealed, but the judge also found the Government liable in
the cases of his wife and teenage daughter - who were not named on the
website - and awarded them damages.

The Home Office and the Home Secretary disputed liability in relation to
the wife and daughter and took their case to the Court of Appeal.

But in a ruling on Friday, Lord Justice Gross, Lord Justice McFarlane and
Lord Justice Coulson dismissed the challenge.

Lord Justice Gross said: "The data error here had serious consequences,
which should not be minimised.

"It was, however, neither the first nor will it be the last of such human
errors, whether made by government departments or others."

The judge said he had "some sympathy with the practical concerns" expressed
by the QC on behalf of the Home Office "seeking to narrow the class of
those to whom the department might incur liability".

But, on the facts of the case, he regarded as "untenable" the submission
that "liability was not incurred" to the wife and daughter.

The case arose out of publication by the Home Office of quarterly
statistics about the family returns process, which is the means by which
those with children who have no right to remain in the UK are returned to
their country of origin.

On October 15 2013 statistics were published by uploading them onto the
UKBA (UK Border Agency) website, but there was a link to a spreadsheet
containing details of 1,598 "lead applicants for asylum or leave to remain".

The error was discovered on October 28 and the spreadsheet was immediately
taken down. There was later a statement in Parliament about the breach.

Lord Justice Gross said that in the cases of lead family members named in
the spreadsheet the Home Secretary "admits the posting of their details on
the Home Office website amounted to a misuse of their private and
confidential information".

At the time the spreadsheet was published the man, referred to as TLT, his
wife TLU and daughter TLV were appealing against a refusal to grant them
asylum and were facing threat of removal to Iran. In May 2014 their appeal
was successful.

Lord Justice Gross said a lawyer for the Home Office had argued that the
spreadsheet contained information relating to TLT but did not convey
anything about the two family members.

It was also argued that the "number of potential claimants should be
limited to the 1,598 lead applicants and should not extend to an unknown
number of other family members".

The appeal judges ruled that the detailed information in the spreadsheet
concerning TLT as the lead family claimant, in the context of the family
returns process, meant that the wife and daughter could "readily be
identified by third parties".

The Home Office's publication of the spreadsheet "misused" their private
and confidential information.

Lord Justice Gross said: "A hallmark of today's world is the ease with
which departments of state and large, private organisations can collect,
store and utilise vast quantities of data.

"In the asylum and immigration context of the 'family returns process',
this appeal highlights the perils of the misuse of private and confidential
data, and the processing of personal data in breach of the statutory
requirements."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180618/c486da7f/attachment.html>