Government Urged to Explain Delay in Implementing Data Security Measure
The government is under pressure to clarify why it has not fully acted on the recommendations from a 2023 review into multiple serious public sector data breaches, which affected Afghans who worked with British forces, victims of child sexual abuse, and 6,000 disability claimants.
On Thursday, ministers released the long-awaited information security review, initiated after the 2023 leak of personal data belonging to approximately 10,000 officers in the Police Service of Northern Ireland.
The Cabinet Office investigation examined 11 major public sector breaches, involving HMRC, the Metropolitan Police, the benefits system, and the Ministry of Defence. It identified three recurring issues:
- Insufficient oversight of ad-hoc downloads and exports of sensitive data.
- Sensitive information being sent to unintended recipients due to email errors and misuse of blind carbon copy (bcc).
- Hidden personal data being exposed in spreadsheets meant for public release.
Chi Onwurah, chair of the science, innovation, and technology committee, welcomed the publication of the review, which had been completed 22 months earlier and came just a month after a database of 18,700 Afghans was leaked. However, Onwurah noted: “It’s concerning that it took intervention from my committee and the information commissioner for this to happen.”
The Afghan data breach put individuals at risk under Taliban rule, prompting the UK government to secretly relocate thousands. The government stated it had acted on 12 of the 14 recommendations for strengthening data security. Onwurah questioned: “Why have only 12 of 14 recommendations been implemented? And why was the review kept hidden for so long, even after the 2022 Afghan breach became public?”
She emphasized: “If the government aims to use technology to improve the economy and public services, it must ensure public trust in its ability to safeguard data. Without that, how can people feel safe sharing their personal information?”
Information Commissioner John Edwards urged the government to act “further and faster” to improve Whitehall and public sector data handling. In a meeting with Cabinet Office minister Pat McFadden, he stressed: “As a matter of urgency, the government should fully implement the review’s recommendations.”
It remains unclear which two recommendations remain unfulfilled. Proposals included collaborating with the National Cyber Security Centre on assessing security guidance, launching a cross-government campaign to address poor data practices, and reviewing penalties for negligence.
McFadden and Peter Kyle, the shadow minister, have yet to provide further details.
Read next
"Tesla proposes $1 trillion compensation deal for Elon Musk"
Elon Musk Could Reach Trillionaire Status Under Tesla’s New Plan
Elon Musk may become the first trillionaire if Tesla meets certain ambitious targets outlined in a recent company announcement.
The electric vehicle manufacturer detailed the terms of the incentive plan—which is unlike any other in corporate history—in
"Google hit with €3bn EU fine for ad tech market dominance abuse"
CuriosityNews Reports: EU Fines Google €2.95bn Over Advertising Rules Breach
European Union officials on Friday imposed a €2.95bn ($3.5bn) penalty on Google for violating competition regulations by giving preferential treatment to its own digital advertising services. This marks the fourth such antitrust fine for the company and
"Anthropic to pay $1.5bn in book piracy case settlement"
Artificial intelligence firm Anthropic has agreed to pay $1.5 billion to resolve a class-action lawsuit filed by authors who allege the company used unauthorized copies of their books to train its chatbot.
The settlement, pending approval by a judge as early as Monday, could signal a shift in legal