The Foreign and Commonwealth Office has reported five significant data breaches to the Information Commissioner's Office in the last financial year.
The losses, affecting less than 188 people in total, were disclosed within the department's resource accounts for the year ending 31 March, 2008.
The accounts show that, in September 2007, the Foreign and Commonwealth Office (FCO) lost data on 70 people, including their names, addresses, dates of birth and family details, through the loss of a computer, "outside secured government premises". In December, information on 36 people, including passport numbers, financial and employment details, was lost on paper, again outside government offices.
The only serious breach caused by unauthorised disclosure by a contractor, rather than by lost equipment or documents, was in May last year. The FCO said less than 50 people were affected by that breach, which was reported publicly.
That breach appears to be related to vulnerabilities with the UK visa-application website, run by contractor VFS in India.
The Information Commissioner's Office (ICO) found that the FCO had breached the Data Protection Act as a result of the breach, and the department signed a formal undertaking to comply with the Act in future. The FCO was not able to provide immediate further comment.
The Department for Environment, Food and Rural Affairs (Defra), in its resource accounts, said it reported two incidents to the ICO during 2007-08.
One incident, involving the loss of payslips in November, affected 14 people. The department has since stopped printing full bank-account details on its payslips, and said it will use Royal Mail special delivery for deliveries to the office concerned.
The second incident, in January, concerned the unauthorised disclosure of one person's name, employment record and skills.
In a summary table of events not deemed serious enough to be reported to the ICO, Defra said that it had experienced 15 further incidents of lost data, either on paper or on "inadequately protected electronic equipment". Five of those incidents occured within secure government premises and 10 outside.
The FCO's equivalent table reported one loss of data within government premises, two outside and one unauthorised disclosure.
