The government agency charged with handing out work visas has been forced to produce a four-point plan to improve security after a damming report by the Information Commissioner.
UK Visas signed the undertaking with the Information Commissioner’s Office (ICO) after breaches of the Data Protection Act 1998 were revealed in a website run by its contracted partner VFS.
The undertaking includes four commitments:
The VFS online application websites will not be re-opened, and will be replaced by Visa4UK, the UK Visas online application facility.
A strategic review of data processing will be undertaken by UK Visas to strengthen Data Protection Act risk management processes, and a detailed audit carried out of the data processors’ data security procedures.
Regular monitoring of the visa4UK website will be undertaken to ensure the systems in place to provide effective protection against unauthorised access are operating correctly.
Adequate and relevant data protection training will be given to all UK Visas staff on an ongoing basis.
Mark Sedwill, director of UK Visas, said: “UK Visas takes data security very seriously – the confidence of our customers and the public in the immigration system is crucial.
“That’s why we immediately shut down the VFS websites in May, accepted all the recommendations made by the independent investigator in her report published in July, and have co-operated fully with the ICO.”
Mick Gorrill, assistant commissioner at the ICO, said organisations had a duty under the Data Protection Act to keep personal information secure.
“We investigate any organisation in breach of the Act and will not hesitate to take appropriate action,” he added.