Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

Home Office reprimanded after sensitive counter-terror documents left at London venue

Counter Terrorism Policing report and documents by government extremism unit found by venue staff

Lizzie Dearden
Home Affairs Editor
Friday 07 October 2022 12:54 EDT
Comments
The Home Office in Westminster, London (Kirsty O’Connor/PA)
The Home Office in Westminster, London (Kirsty O’Connor/PA) (PA Archive)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

The Home Office has been reprimanded by a watchdog after sensitive documents relating to terrorism at a public venue in London.

The Information Commissioner’s Office said the venue’s staff found an envelope containing four “official sensitive” documents in September last year and handed them to police.

“A government investigation concluded the Home Office was the most likely source of the documents,” a statement added.

“The reprimand has been issued to the home secretary, as the data controller for the Home Office.”

The documents included two reports by the government’s Extremism Analysis Unit, which analyses ideologies that have an impact on British interests and security.

There were also two copies of a Counter Terrorism Policing report on an unnamed visa applicant who was seeking to travel to the UK.

The ICO did not identify the location where the documents were found but said it was a public venue in London.

It said that the documents were marked official-sensitive and contained specific handling instructions aiming to ensure security and confidentiality.

“The handling instructions for the reports were not followed as they were found unsecured in a venue in London, where they were accessed by unauthorised individuals,” said a letter from the ICO to Home Office permanent secretary Matthew Rycroft.

“[The Home Office] first became aware of the breach on 6 September 2021, however the breach was not reported to the ICO until 4 April 2022.”

The statutory time limit for reporting data breaches to the ICO is 72 hours but officials chose to launch an internal investigation by the Cabinet Office’s Government Security Group instead.

The ICO said the Home Office has subsequently put in place measures to ensure similar documents are given unique reference numbers.

It recommended a review of the handling instructions around official-sensitive information, consideration of a sign out process when documents leave government premises, and a review of training provided to staff around the handling of records containing personal data.

Information Commissioner John Edwards said: “Government officials are expected to work with sensitive documents in order to run the country.

“There is an expectation, both in law and from the people the government serves, that this information will be treated respectfully and securely. In this instance that did not happen, and I expect the department to take steps to avoid similar mistakes in the future.”

A Home Office spokesperson said it would take the ICO’s recommendations into consideration but insisted that the UK has “one of the most robust and transparent oversight regimes for the protection of personal data and privacy anywhere in the world”.

A statement added: “We continue to ensure that robust controls and independent oversight are in place to ensure we are fully compliant with requirements on processing of personal data.”

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in