Photo credit: www.theguardian.com

Concerns Raised Over Home Office Data Collection Practices

The Home Office is facing scrutiny after allegations emerged that it has been gathering information on potentially “hundreds of thousands” of unaware British citizens in the process of conducting financial assessments for migrants.

A report related to a standard immigration application was inadvertently shared with a charity by a government employee. This document reportedly contained sensitive details about more than 260 individuals, including their names, birth dates, and electoral roll information.

The individuals mentioned in the report seem to be linked to the applicant based solely on shared previous addresses or postcode areas, with some listed as far back as 1986. The document, obtained by the Observer, was generated by the credit reporting company Equifax on June 25, 2024, and was sent to a caseworker at the Refugee and Migrant Forum of Essex and London (Ramfel) later that same day.

This report was part of an immigration fee waiver application process, which necessitates financial verification to establish if applicants are unable to afford the standard visa or nationality fees. Over 80,000 of these applications were submitted in the year leading up to September 2024.

Nick Beales, head of campaigning at Ramfel, emphasized that the disclosure of such a number of individuals in a single report raises significant concerns, suggesting the Home Office may be excessively collecting financial data on a vast number of uninformed British citizens.

The credit agency Equifax has a troubled history, previously involved in one of the largest data breaches in history back in 2017. This recent report included a disclaimer that stated, “The volume and nature of the information available on this service makes it impractical for Equifax Ltd to verify it … This service is made available only for your own private or in-house purposes.”

Beales expressed frustration, noting that the Home Office did not respond to an initial notification about the data breach. The charity escalated their concerns in a letter to Matthew Rycroft, the Home Office’s permanent secretary, in November.

In this correspondence, they highlighted troubling issues regarding transparency, privacy, and the potential for unauthorized data collection. The letter questioned whether data pertaining to third parties was eliminated after its intended use and what protocols were in place to limit unnecessary data collection and sharing. However, the response received in December failed to directly address these inquiries.

Joanna Rowland, director general of the Home Office’s customer services group, issued a response saying she could not comment on specific procedures but assured that the Home Office strives to comply fully with UK General Data Protection Regulations and data protection legislation. This includes processing only the minimal necessary personal data for operational purposes and ensuring any non-essential data is appropriately deleted.

The Home Office has indicated that it is reviewing the situation to determine if a data breach has occurred and stated that it no longer relies on Equifax for processing visa fee waivers.

Recent government data reveals a sharp uptick in immigration fee waiver requests, correlating with the Conservative government’s decision to increase the immigration health surcharge from £624 to £1,035 annually for most adult visa applicants in February 2024. Applications indicating an inability to pay surged from 13,600 in the last quarter of 2023 to 25,600 from July to September 2024, as backlogs continue to mount.

Beales noted, “With application costs nearing £4,000 for leave to remain, adding intrusive financial checks for those on low incomes or disability benefits is clearly unwarranted. Eliminating these checks could help the Labour government streamline the visa process, reduce significant delays, and prevent the unwarranted collection of third-party data without consent.”

Equifax maintains relationships with various government departments and public entities, including the Department for Work and Pensions, HM Revenue & Customs, the Ministry of Defence, and the NHS Business Services Authority. In 2023, the firm faced an £11m fine from the Financial Conduct Authority due to a significant data breach exposing information on nearly 14 million UK consumers.

A representative from Equifax UK refrained from commenting on the specific incident but cited legal guidelines that assert credit reference agencies are not obligated to seek consent for data collection, operating instead on “legitimate interest” as defined by data protection laws. Meanwhile, a spokesperson for the Home Office reiterated the seriousness of any potential data breaches and affirmed the commitment to ongoing training and stringent safeguards for protecting personal data.

Source
www.theguardian.com