The annual report from the Ministry of Defence reveals that the department clocked a big increase during the recently completed year in incidents in which inadequately protected material went missing
The Ministry of Defence recorded 72 incidents when “inadequately protected” electronic equipment, devices or paper documents were mislaid in the 2023/24 year, it has revealed.
The number of times inadequately protected devices and documents were lost from secured government premises climbed from 27 in 2022-23 to 40 last year, the MoD’s annual report shows.
And devices and documents were lost from outside secured government premises on 32 occasions – up from nine the year before.
The figures show the number of physical devices and documents being misplaced has grown over the last few years – with a total of 49 incidents recorded in 2021-22 and 34 in 2020-21. In one widely reported breach in 2021, MoD documents were found in a “soggy heap” at a Kent bus stop, leading to the civil servant in question having their security clearance suspended.
All together, there were 569 protected personal data-related incidents last year that did not require reporting to the Information Commissioner’s Office in 2023-24, up from 550 the previous year.
The department did manage to reduce the number of unauthorised disclosures made by staff, which fell from 464 incidents in 2022-23 to 411 last year. But the number of “other” personal data-related incidents climbed from 49 to 85.
There was just one occurrence of inadequately protected paper documents being insecurely disposed of last year, according to the report – the same as the year before.
There was also only one incident that the MoD had to report to the ICO last year – in which emails containing personal data of MoD personnel were sent to an email address linked to another government. Thirty-three people were affected by the incident, in which names, email addresses, ranks and contact details were erroneously revealed.
Personal data breaches must be reported to the data watchdog if they are deemed likely to threaten people’s rights or freedoms.
Last year, the MoD was fined £350,000 over a data breach in 2021 that divulged the identities of hundreds of Afghan nationals who worked for the UK government in Afghanistan. The ICO said the breach could have resulted in a threat to life if it had fallen into the hands of the Taliban.
Related content
- Major government tech supplier SSCL faces probe after MoD data breach
- HMRC records 60% rise in serious personal data incidents in FY24
- Data from over 100 Treasury staff devices wiped in 2020 after users entered wrong passcode
The increase in recorded data incidents may partly be down to the annual data-protection training for staff being “revised and refreshed” and efforts to promote data-protection awareness, as well as “ongoing technology developments”, the MoD said.
These measures followed a review of incident management in 2023, which examined and led to a change in the department’s method for reporting incidents.
“It is reasonable to infer that these measures have resulted in a higher number of incidents being identified, so that the department can learn and mitigate the likelihood of serious incidents occurring,” the report said.
The MoD’s cyber defence and risk directorate is working to “drive down cyber risk on a number of fronts”, according to the annual report.
Steps it has taken include updating and rewriting cybersecurity policies to make them clearer and more usable; implementation of a “secure by design” approach, which the report says reinforces project managers’ and system owners’ accountability for cybersecurity; and the rollout of a document labelling tool and “automated data-loss prevention activities” to prevent inappropriate sharing through emails.
“The MoD takes the security of its personnel, data and establishment seriously. Every data incident reported, including near misses, is investigated to determine the root cause and the MoD data protection officer’s team works with business areas to reduce the likelihood of reoccurrence,” the report said.
“As most of the incidents relate to human error, training and awareness activities are regularly undertaken to continuously improve staff knowledge and understanding of the data protection principles and the processes and procedures that must be followed to secure data.”
The report added that the MoD’s cyber defence and risk directorate is working to “drive down cyber risk on a number of fronts”.
https://oragoda.tistory.com/entry/2021-스키장-개장일-2022-개장-일정-비교
https://madreviewer.tistory.com/tag/S2220GOS해제
벼룩시장 신문그대로보기 (구인구직, 부동산) 벼룩시장 신문그대로보기 바로가기 그리고 지역별 벼룩시장 종이신문그대로보기 방법 (구인구직, 부동산) 알아볼게요. 교차로신문 같이 벼룩시장은 지역별 일자리, 구인구직, 부동산 등 다양한 정보를 제공해요. 교차로신문그대로보기 바로가기는 아래에서 확인하고, 오늘은 벼룩시장 신문그대로보기 바로가기 그리고 사용법 섹스카지노사이트
Good site! I truly love how it is simple on my eyes and the data are well written. I’m wondering how I could be notified whenever a new post has been made. I have subscribed to your RSS which must do the trick! Have a great day!
Hello there, I found your blog by way of Google while looking for a similar matter, your web site came up, it looks great. I have bookmarked it in my google bookmarks.