Identity and Passport Service found in breach of Data Protection Act

The Identity and Passport Service (IPS) is the latest body to be taken to task for breaching the Data Protection Act (DPA).

The Information Commissioner's Office (ICO) revealed today that the IPS lost the passport renewal applications of 21 individuals in May 2010. The paperwork included the personal data of both the applicants and their counter signatories.

But the ICO does not plan to fine the IPS because it said the body has "shown itself to be taking steps to prevent this happening again".

The chief executive of the IPS, Sarah Rapson, has signed an undertaking to comply with the DPA, pledging to ensure that staff are aware of policies for the storage and use of personal data and IT security, and that they are trained in how to follow them.

The undertaking also commits the IPS to carrying out and documenting regular inspections of its data security processes.

Mick Gorrill, head of enforcement at the ICO, said: "A passport is an important identification document and it is clearly of concern that information relating to renewal applications has been lost. However, there is no evidence to suggest that the applications have fallen into the wrong hands and we are pleased that the Identity and Passport Service is taking steps to stop this happening again."

A spokesman for the Identity and Passport Service (IPS) said: "IPS takes the security of its customer data extremely seriously. Following the loss of details relating to the 21 passport applications, IPS took immediate action to cancel the application information. We are confident that customers were not subject to any risk of identity fraud.

"An internal security review has since been carried out and we have already significantly tightened our processes to prevent such an incident happening again," he said.

"During the past five years IPS has safely handled more than 25 million passport applications."