Home Office seeks three CTOs to keep borders, passports, and core IT ticking

The UK Home Office has launched a recruitment drive for three chief technology officer positions within its Home Office Digital division, targeting leaders to oversee critical systems that handle sensitive personal data for millions of people each year. Two of the roles sit within the Migration and Borders Digital unit, which manages passenger eGates, electronic travel authorizations, visa and asylum application platforms, and digital identity systems. The third role leads the enterprise services unit, responsible for core IT infrastructure, networks, and end-user services for more than 35,000 Home Office staff. Salaries for the positions range from £81,000 to £105,000 annually, with applications closing at 11:55pm BST on Sunday, May 24, 2026, and interviews expected to take place in early July.

Mike McCarthy, the Home Office’s director general for digital and innovation, joined the department in January 2026 after a tenure at consultancy McKinsey and eight years in the British Army’s Corps of Royal Engineers. According to a job ad published last September, McCarthy earns £160,000 annually, oversees a team of 4,000 people, and manages a budget of £1.8 billion. In materials accompanying the CTO job ads, McCarthy highlighted recent departmental milestones, including passport renewal processing times of 48 hours from application to dispatch, 76 million annual UK border crossings supported by airport eGates, and electronic travel authorization decisions delivered in 45 seconds. He noted that Home Office Digital has moved most technology services to the cloud, reducing costs while improving efficiency.

McCarthy’s appointment is part of a broader expansion of the Home Office’s digital capabilities, with recent government commitments including £20.5 million for a drone tracking system, £216 million added to a travel document contract prior to bidding, and £15 million for AI-powered crime mapping targeting knife violence. The department is also contributing to the government’s digital ID reboot, a project that has raised questions about data privacy and surveillance similar to earlier Blair-era digital identity proposals.

The systems these CTOs will manage are subject to strict data protection regulations, as they process vast volumes of personal data, including special category biometric information such as facial scans from eGates and fingerprints from visa applicants. The primary regulatory framework is the UK General Data Protection Regulation (UK GDPR), enforced by the Information Commissioner’s Office (ICO), alongside the Data Protection Act 2018 and the Biometrics Code of Practice issued by the Biometrics and Surveillance Camera Commissioner. For visa applicants and users resident in California, the California Consumer Privacy Act (CCPA) may also apply to their personal data processing.

Under UK GDPR Article 9, biometric data is classified as special category data, requiring explicit consent from individuals for processing, plus additional safeguards including data minimization, purpose limitation, and strict access controls. The Home Office must also comply with Articles 15 to 22 of UK GDPR, which grant individuals rights to access their stored data, request corrections or deletions, and object to processing. Non-compliance with these regulations can result in fines of up to £17.5 million or 4% of global annual turnover, whichever is higher.

The appointment of these CTOs will directly impact the data rights of millions of people. The Migration and Borders Digital systems alone handle 76 million border crossings via eGates each year, plus all UK passport applications, visa submissions from overseas nationals, and asylum claims. Mishandling of this data, whether through a security breach, biased algorithmic decision-making, or non-compliant data sharing, can have severe consequences for individuals. A breach of biometric data could expose people to identity theft, while errors in automated visa processing systems could lead to wrongful denial of entry or asylum claims.

The enterprise services CTO will oversee IT systems for 35,000 staff, meaning vulnerabilities in internal networks or end-user devices could lead to unauthorized access to sensitive personal data. The Home Office’s shift to cloud services introduces additional compliance considerations, cloud providers must be vetted for GDPR compliance, with data processing agreements in place to ensure personal data is not transferred to jurisdictions with inadequate data protection standards without proper safeguards, such as standard contractual clauses.

As the Home Office expands its digital services, the new CTOs will be responsible for scaling existing systems, integrating new digital identity frameworks, and maintaining uptime for public-facing services that millions rely on. Each role requires a minimum three-year commitment, though this is not a contractual requirement, and successful applicants must undertake Security Check level national security clearance. Bases are available in Cardiff, Croydon, Glasgow, Manchester, or Sheffield.

Digital rights advocates note that while the Home Office touts efficiency gains in processing times, transparency around automated decision-making remains critical. The electronic travel authorization system, which delivers decisions in 45 seconds, uses automated processing restricted under UK GDPR Article 22 unless explicit consent is given, the decision is necessary for a contract, or authorized by law. Individuals have the right to human intervention in automated decisions, a safeguard that the new CTOs must ensure is built into these systems. The recruitment drive comes as the UK government continues to develop its digital identity framework, which will require strict adherence to data protection standards to prevent misuse of personal information.