Question to the Home Office:

To ask the Secretary of State for the Home Department, for what reasons sponsor employers are required to submit large volumes of sensitive information without the routine use of protective measures such as password‑protected files or encrypted transfer systems.

The Home Office routinely requires additional evidence from sponsors. The evidence requested is proportionate to the purpose of its use.

The Home Office has appropriate technical and organisational safeguards in place and applies a sensible, risk-based approach in line with Article 32 of the GDPR.

Inbound data is received to secure gov.uk accounts, managed by security cleared persons. Teams are assigned to manage only certain application strands to reduce risk of data integrity compromise, with data being uploaded onto immigration systems promptly.