Ministers published an information security review into 11 public sector data breaches, prompted by a 2023 leak of about 10,000 Police Service of Northern Ireland officers’ personal data. Breaches affected HMRC, the Metropolitan police, the benefits system and the MoD, and exposed Afghans who worked with the British military, child sexual abuse victims and thousands of disability claimants. The review identified three common failings: poor controls on ad hoc data downloads and exports, sensitive information sent to wrong recipients or without bcc, and hidden personal data in spreadsheets. The government reports 12 of 14 recommendations implemented. Concerns remain about the delayed publication, the two outstanding recommendations and the impact on public trust and individual safety.
The review by Cabinet Office officials into 11 public sector data breaches, encompassing the HMRC, the Metropolitan police, the benefits system and the MoD, found three common themes: A lack of controls over ad hoc downloads and exports of aggregations of sensitive data. The release of sensitive information via wrong recipient emails and failure to use bcc properly. Hidden personal data emerging from spreadsheets destined for release.
The government is facing calls to explain why it has yet to implement all the recommendations from a 2023 review into a spate of serious public sector data breaches, including the exposure of Afghans who worked with British military, victims of child sexual abuse and 6,000 disability claimants. On Thursday ministers finally published the information security review, which was triggered by the 2023 leak of personal data of about 10,000 serving officers in the Police Service of Northern Ireland.
Collection
[
|
...
]