Government loses legal challenge over extent of data breach involving 1,600 immigrants

The Government has lost a legal battle arising out of a data breach when personal details of almost 1,600 immigrants were published online.

Leading judges in London were asked to rule on the extent of Home Office liability over the “misuse of private and confidential data” which resulted from the “error” in October 2013.

In 2016, the High Court awarded damages to a man who was among those whose details were revealed, but the judge also found the Government liable in the cases of his wife and teenage daughter – who were not named on the website – and awarded them damages.

The Home Office and the Home Secretary disputed liability in relation to the wife and daughter and took their case to the Court of Appeal.

But in a ruling on Friday, Lord Justice Gross, Lord Justice McFarlane and Lord Justice Coulson dismissed the challenge.

Lord Justice Gross said: “The data error here had serious consequences, which should not be minimised.

“It was, however, neither the first nor will it be the last of such human errors, whether made by government departments or others.”

The judge said he had “some sympathy with the practical concerns” expressed by the QC on behalf of the Home Office “seeking to narrow the class of those to whom the department might incur liability”.

But, on the facts of the case, he regarded as “untenable” the submission that “liability was not incurred” to the wife and daughter.

The case arose out of publication by the Home Office of quarterly statistics about the family returns process, which is the means by which those with children who have no right to remain in the UK are returned to their country of origin.

On October 15 2013 statistics were published by uploading them onto the UKBA (UK Border Agency) website, but there was a link to a spreadsheet containing details of 1,598 “lead applicants for asylum or leave to remain”.

The error was discovered on October 28 and the spreadsheet was immediately taken down. There was later a statement in Parliament about the breach.

Lord Justice Gross said that in the cases of lead family members named in the spreadsheet the Home Secretary “admits the posting of their details on the Home Office website amounted to a misuse of their private and confidential information”.

At the time the spreadsheet was published the man, referred to as TLT, his wife TLU and daughter TLV were appealing against a refusal to grant them asylum and were facing threat of removal to Iran. In May 2014 their appeal was successful.

Lord Justice Gross said a lawyer for the Home Office had argued that the spreadsheet contained information relating to TLT but did not convey anything about the two family members.

It was also argued that the “number of potential claimants should be limited to the 1,598 lead applicants and should not extend to an unknown number of other family members”.

The appeal judges ruled that the detailed information in the spreadsheet concerning TLT as the lead family claimant, in the context of the family returns process, meant that the wife and daughter could “readily be identified by third parties”.

The Home Office’s publication of the spreadsheet “misused” their private and confidential information.

Lord Justice Gross said: “A hallmark of today’s world is the ease with which departments of state and large, private organisations can collect, store and utilise vast quantities of data.

“In the asylum and immigration context of the ‘family returns process’, this appeal highlights the perils of the misuse of private and confidential data, and the processing of personal data in breach of the statutory requirements.”

Copyright (c) Press Association Ltd. 2018, All Rights Reserved. Picture (c) Kirsty O’Connor / PA Wire.