Except in exceptional cases, where it is in the public interest, it has been the policy of successive Governments not to comment on breaches of security. The Home Office and agencies take all breaches of security including unauthorised disclosure of personal data, very seriously. The Home Office and agencies have measures/policies in place to prevent misuse or abuse of official systems and to detect it where it does occur. Unauthorised disclosures of personal data are both a breach of security and a breach of the civil service code.
The Home Office and agencies are committed to investigating any such breaches and will deal with them in the strongest manner. Depending on the circumstances a range of sanctions are available including disciplinary action, and in extreme or persistent cases, termination of employment/services and, if appropriate, criminal proceedings.
The Security Policy Framework, the Data Handling Report and the National Information Assurance Strategy produced by the Cabinet Office provide a strategic framework for protecting information that Government handle and put in place a set of mandatory measures which Departments must adhere to.