Below is the text of the statement made by Caroline Nokes, the Minister for Immigration, in the House of Commons on 11 April 2019.
The EU settlement scheme is an integral part of protecting the rights of EU citizens who have made their homes here in the UK, giving them an easy way of demonstrating their status in this country so that in years to come we do not find ourselves in a position where people have issues making clear the rights that they have. The scheme, which is free of charge, is performing well and over 400,000 EU citizens have already applied, with over 50,000 applications received on the opening weekend.
The Home Office receives a large number of enquiries in relation to the scheme. When responding to generic enquiries, responses are sent in batches. The process for this is such that recipients would not normally be able to see the other email addresses. Regrettably, it has come to my attention that on Sunday 7 April three emails were sent that did not follow the appropriate procedure and 240 email addresses were made visible to other recipients. No other personal data was included in the communication.
We have written to all individuals who received this email to apologise. The departmental data protection officer has been informed and the Department has voluntarily notified the Information Commissioner’s Office of the incident. An internal review is also underway to determine the details of what happened and the lessons that need to be learned.
The Home Office takes its data protection responsibilities very seriously and is committed to the continued improvement of its performance against the UK’s high data protection standards. As a Department we have been taking steps to ensure we have the culture, processes and systems in place to treat the public’s personal data appropriately.
As a further immediate step we have put in place strict controls on the use of bulk emails when communicating with members of the public to ensure this does not happen again as lessons are learned. An independent review of the Department’s compliance with its data protection obligations has also been commissioned which will be led by non-executive director Sue Langley and will report in due course.