Passport office escapes ICO fine after data loss

The Information Commissioner's Office (ICO) has reprimanded the Identity and Passport Service (IPS) for losing 21 passport renewal applications, but stopped short of imposing a fine for the breach.

The loss occurred in May 2010, and the IPS immediately informed the ICO and the 21 individuals concerned, all of whom received new passports. No complaints were made, and the IPS claimed that no damage resulted from the loss.

Mick Gorrill, head of enforcement at the ICO, said that the watchdog was concerned at the loss of such important information, but is satisfied that the IPS has taken the right action to ensure that it could not happen again.

"A passport is an important identification document and it is clearly of concern that information relating to renewal applications has been lost," he said.

"However, there is no evidence to suggest that the applications have fallen into the wrong hands, and we are pleased that the IPS is taking steps to stop this happening again."

IPS chief executive Sarah Rapson has signed an undertaking to ensure that staff are aware of policies for IT security and the storing and use of personal data.

The IPS also agreed to carry out regular inspections of the security methods used for the processing of personal data, and to undertake regular audits where an appointed data processor carries out certain tasks on its behalf.

The announcement follows a number of recent blunders by government organisations. Ealing Council and Hounslow Council were fined £80,000 and £70,000 respectively earlier this month after losing details of 1,700 clients between them.

Gwent Police, meanwhile, mistakenly sent details of 10,000 individuals to a journalist, and a contractor for Isle of Anglesey County Council sent letters containing information on benefit entitlement, income and savings to the wrong people.