Public Services > Central Government

Homes and Communities Agency suffers ‘limited’ information security policy breach

Matteo Natalucci Published 12 October 2017

HCA said it has notified the Information Commissioner, which is expected to investigate the breach


The Homes and Communities Agency has said it has notified the Information Commissioner’s Office (ICO) of a limited information security policy breach that it suffered on Monday.

Ahead of the introduction of EU General Data Protection Regulation (GDPR), even minor breaches are now considered relevant and promptly reported, by UK government agencies.

The incident reported saw an email sent in three batches to a total of 508 housing associations which made visible other recipients' email addresses. 

In a statement the agency, an executive non departmental public body sponsored by the Department for Communities and Local Government (DCLG), said, “While the information disclosed was not sensitive, we are taking this breach very seriously and apologise unreservedly”.

“This incident should not have happened and we are committed to acting transparently with all relevant parties. We are in the process of contacting all of the providers affected by the breach and we are taking urgent steps to ensure this never happens again,” it added.

An ICO spokesperson pointed out to Government Computing that under the Data Protection Act (DPA) “they (HCA) are not required to notify us, although it is good practice for serious breaches”

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.