Government agency UKvisas failed to put in place adequate controls when outsourcing work to private firms, risking the security of personal data, an official investigation has found.
The report by UKvisas watchdog Linda Costelloe Baker slammed the outsourcing of the UK visa application website to VFS – a firm that was not an IT specialist – along with the poor performance of the firm and the failure to respond adequately when a security breach was first revealed in December 2005.
The inquiry was launched after the site was closed down in May this year following publicity over the security scare – in which personal details of visa applicants in India, Nigeria and Russia became accessible to computer hackers.
Costelloe Baker said: “Outsourcing may relieve practical burdens, but headquarter functions and abilities need to be expanded accordingly to handle the increased levels of risk. I am not satisfied that UKvisas exercised adequate governance over the outsourcing process in so far as the security of personal data was concerned.”
In response, UKvisas said “detailed provisions” on data protection had been included in outsourcing deals signed in February 2007.
The agency has also created the new role of chief information officer, with responsibility for data security, it said.
The investigation follows fears that the outsourcing deals could increase the risk of potential terrorists getting jobs in the UK.
Immigration expert Liam Clifford told Personnel Today in July that he was “extremely concerned” that removing government employees from the application process would be “a huge security risk for the public”.