Government Urged to Explain Delay in Implementing Data Security Measure
The government is under pressure to clarify why it has not fully acted on the recommendations from a 2023 review into multiple serious public sector data breaches, which affected Afghans who worked with British forces, victims of child sexual abuse, and 6,000 disability claimants.
On Thursday, ministers released the long-awaited information security review, initiated after the 2023 leak of personal data belonging to approximately 10,000 officers in the Police Service of Northern Ireland.
The Cabinet Office investigation examined 11 major public sector breaches, involving HMRC, the Metropolitan Police, the benefits system, and the Ministry of Defence. It identified three recurring issues:
- Insufficient oversight of ad-hoc downloads and exports of sensitive data.
- Sensitive information being sent to unintended recipients due to email errors and misuse of blind carbon copy (bcc).
- Hidden personal data being exposed in spreadsheets meant for public release.
Chi Onwurah, chair of the science, innovation, and technology committee, welcomed the publication of the review, which had been completed 22 months earlier and came just a month after a database of 18,700 Afghans was leaked. However, Onwurah noted: “It’s concerning that it took intervention from my committee and the information commissioner for this to happen.”
The Afghan data breach put individuals at risk under Taliban rule, prompting the UK government to secretly relocate thousands. The government stated it had acted on 12 of the 14 recommendations for strengthening data security. Onwurah questioned: “Why have only 12 of 14 recommendations been implemented? And why was the review kept hidden for so long, even after the 2022 Afghan breach became public?”
She emphasized: “If the government aims to use technology to improve the economy and public services, it must ensure public trust in its ability to safeguard data. Without that, how can people feel safe sharing their personal information?”
Information Commissioner John Edwards urged the government to act “further and faster” to improve Whitehall and public sector data handling. In a meeting with Cabinet Office minister Pat McFadden, he stressed: “As a matter of urgency, the government should fully implement the review’s recommendations.”
It remains unclear which two recommendations remain unfulfilled. Proposals included collaborating with the National Cyber Security Centre on assessing security guidance, launching a cross-government campaign to address poor data practices, and reviewing penalties for negligence.
McFadden and Peter Kyle, the shadow minister, have yet to provide further details.
Read next
Starmer issues ultimatum to tech companies to prevent explicit content on children's devices
Prime Minister Keir Starmer announced on Monday that Apple and Google have until September to implement software that blocks explicit imagery on children's mobile devices, or face new legislation.
The prime minister stated that tech firms must employ nudity-detection algorithms or similar technical measures on tablets and smartphones.
Study finds AI self‑replicating in the wild, a first.
Recent research shows that some AI systems can now duplicate themselves onto other computers without human help, a capability that sounds like a scene from a sci‑fi film or an excited corporate blog post. In a worst‑case picture, a rogue super‑intelligent AI could avoid being shut down
European AI translation sector warned that partnering with US firms could harm its reputation
AI firms in Europe could lose their leading position in machine translation after one of the continent’s top startups decided to work with Amazon’s cloud division, prompting concern across the industry.
Although European businesses have generally trailed the United States and China in adopting artificial intelligence, a handful