The Identity and Passport Service (IPS) has been found in breach of the Data Protection Act after losing a host of passport renewal applications.
The Information Commissioner's Office (ICO) has given the organisation a slap on the wrist, after 21 applications went missing.
Personal data of both the applicants and their countersignatories was included in the lost documents.
The IPS agreed to shore up its IT practices as well as its document handling to ensure such a breach does not occur again.
Neither the ICO nor the IPS could confirm how the document loss happened.
Often when data breaches occur, an explanation on how the information was lost is given, such as CDs being left at bus stops or USB sticks being dropped in carparks.
No such information was forthcoming in the IPS case, even when both organisations were pressed for more details.
An IPS spokesman said the organisation was confident customers "were not subject to any additional risk of identity fraud."
"An internal security review has since been carried out and we have already significantly tightened our processes to prevent such an incident happening again," the spokesman said.
An ICO spokesperson told IT PRO the IPS had not been hit with a fine as it did not meet the criteria for such a punishment.
"A passport is an important identification document and it is clearly of concern that information relating to renewal applications has been lost," said Mick Gorrill, head of enforcement at the ICO.
"However, there is no evidence to suggest that the applications have fallen into the wrong hands and we are pleased that the Identity and Passport Service is taking steps to stop this happening again."
To be levied with a fine, a data controller must have "seriously contravened the data protection principles" and "substantial distress" must have been caused, according to the ICO's guidance.
Furthermore, the breach must either have been deliberate or "the data controller must have known or ought to have known that there was a risk that a contravention would occur and failed to take reasonable steps to prevent it."
The ICO has fined a total of four organisations since it was given additional powers in April 2010. The fines levied add up to 310,000.
The watchdog can fine up to 500,000 for the most serious breaches.
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
TikTok to open first European data centre in IrelandNews The move could signify a desire to shift its operations away from the US as well as secure its position in the European market
-
MPs in a muddle over GDPR and storing voters' personal dataNews Labour MP Chris Bryant says his staff were told to delete constituents' data
-
Trump resort will not be charged for breaching data lawsNews Presidential hopeful's Scottish golf course failed to register under the Data Protection Act for four years
-
Banks urged to share data but warned over securityNews Experts voice concern over security of open API recommendations
-
EU centralises European open data through one portalNews Open Data Portal will enable public sector bodies to share information
-
Experts question sheer scale of data storage required by Snooper's CharterNews Who will foot bill for physical infrastructure to house UK's browsing histories?
-
Snapchat's T&Cs update could put user data at riskNews Kaspersky said giving the service permission to share pictures with third parties could lead to a serious breach of privacy
-
Transport Systems Catapult launches data sources catalogueNews Intelligent Mobility Data Index could push forward smart transport innovation in the UK
