In an embarrassing slip-up for the British government, the addresses of more than 1000 New Years honours recipients have been published online. The file was apparently uploaded to an official website on Friday evening before being taken down again on Saturday.
Those who had their details leaked included politicians, senior police officers, and a number of celebrities – including Sir Elton John, cricketer Ben Stokes, and TV cook Nadiya Hussain.
In his analysis for the BBC, Rory Cellan-Jones writes:
There is no doubt that this is a serious data breach and the government, of all organisations, should be better acquainted with the law on disclosing sensitive personal information.
But while some of the celebrities and the police officers awarded honours may be concerned about their privacy and security, it would have been far more serious if the home addresses of those on the list of gallantry awards had been leaked.
The Information Commissioner’s Office has so far only levied one fine under the new Data Protection Act which came into effect in 2018 – a London pharmacy was fined £275,000 for careless storage of the very sensitive medical data of half a million people.
Lawyers who specialise in data protection think the ICO will see this as a less serious case of human error and may let the Cabinet Office escape with a warning about improving its practices.
But they say much now depends on the attitude of those who have seen their data leaked – they could decide to bring civil claims against the government for putting in the public domain information many of them have been determined to keep private.
This is again a demonstration that it is not just private businesses that can run afoul of data protection laws. Public bodies – including the government – can do so as well.
It’s extremely worrying that a breach like this can happen. Announcing the New Years Honours list is a high-profile event, as are many of the people included on the list. This could have serious consequences.
Although Cellan-Jones believes the Cabinet Office may get off lightly with just a warning, it remains to be seen how the ICO will respond. But whatever happens next, data protection practices should definitely be looked at closely within government.
If you’re concerned about your own data protection measures, get in touch with Activa Consulting today and let us help you improve your organisation!