A Member of the Senedd has raised serious concerns about the handling of personal information by the Department of Work and Pensions (DWP).
Clwyd South MS Ken Skates (pictured above) found there had been more than 6,000 data breaches – termed ‘security incidents’ – by the UK Government’s biggest public service department since April 2019.
Mr Skates submitted a Freedom of Information request to the DWP, which is responsible for all benefits and state pensions, after being contacted by a recently bereaved constituent who had received letters containing the personal details of two other individuals.
He said: “My constituent had just lost her husband and was having to deal with the DWP regarding his pension. She had numerous issues from the outset, which is the last thing anyone needs when they’ve just lost a loved one, but it culminated in her receiving two letters with the names, addresses, dates of birth and National Insurance numbers of two complete strangers.”
Mr Skates’ constituent, who lives in Bangor-on-Dee, said: “I couldn’t believe it – two other people’s personal information there in black and white. It made me think that if I’ve received those letters then is my or my husband’s information being sent to other people? How many other people has this happened to? It’s extremely concerning.
“After I contacted the DWP to tell them I was told over the phone it had been ‘dealt with’, whatever that means. How was it dealt with and how can they assure people it won’t happen again?”
Mr Skates raised his concerns urgently with the DWP and asked how the errors occurred, how the breach had been dealt with and what action has been taken to ensure similar incidents don't happen again. In his representations to the DWP on October 7, Mr Skates also asked whether those whose details were mistakenly shared had been notified of the breach.
He said: “I submitted a Freedom of Information request to the DWP, and it transpires that there have been thousands of what they refer to as ‘security incidents’ in the past few years. That works out errors like this happening around five times every single working day since April 2019.”
The figures provided to Mr Skates show there were 1,795 recorded incidents in the 2019 financial year; 2,242 in 2020; 1,426 in 2021 and a further 756 between April 1 and October 18 this year.
Mr Skates added: “People will be rightly worried by these numbers, so I sincerely hope the UK Government is able to offer strong reassurances that appropriate action will be taken to make sure that in future people’s personal information is treated with more care and respect.”
Mr Skates received a formal response from the DWP on November 7.
It stated: “The mistake occurred through human error. The member of staff printing and posting the home worker letters on that day had included several pieces of correspondence in one envelope.
“We have regrettably been unable to identify an individual responsible for issuing this particular letter as several staff covered this role. We are reviewing our home worker letter process and it is being improved to enable us to identify who issued specific correspondence.
“A meeting has been held with Team Leaders who have been appraised of the issue. Team Leaders have been asked to speak with their team members about the breaches, impact and consequences, and the need to be vigilant when issuing correspondence.”
On the question of whether those whose details were shared had been notified of the breach and received apologies, the DWP said: “This is being taken forward and all actions to identify other parties and offer apologies will be completed within the week.”
The letter added: “I would like to sincerely apologise for the mistake in the correspondence from us, and for any concern and inconvenience this may have caused. We aim to provide excellent service to all our customers, and I am very sorry that on this occasion we fell short.”
Mr Skates said he would also write to the UK Government’s new Secretary of State for Work and Pensions, Mel Stride, with his concerns.