Cabinet Office to undergo independent review of data-handling after honours blunder

Written by Sam Trendall on 14 January 2020 in News

Department makes changes to IT systems and processes

Credit: Karl-Josef Hildenbrand/DPA/Press Association Images

In the light of the New Year honours data leak, the Cabinet Office is to subject itself to an independent review of processes and departmental culture related to its handling of data.  

After the home addresses of New Year honours recipients were mistakenly available publicly for more than three hours, the department’s minister Oliver Dowden has also told the Government Digital Service to “improve their processes to ensure all access to data can be removed much more rapidly” in the event of any future breaches.

The scope of the wider investigation into the department’s handling of data will include “process, culture, policy and practice”, the minister said.

“It will establish whether appropriate controls are in place around the storage, sharing and deletion of personal data, including learning lessons from this case,” he added. 

In a statement to the House of Commons, Dowden said that the accidental publication of the addresses of 1,097 honours recipients was “a result of human error”.

Related content

However, he added that “the New Year 2020 honours round was the first to use a new IT system from which a report was downloaded to create a file for publication”.

“The sensitivities around address data had been identified as a risk and previous versions of the file prepared for publication had not included address data,” Dowden said. “As part of the final checking process, further amendments were made to the file and a version of the file, including address data, was mistakenly sent for publication.”

The file was published online at 10.30pm on 27 December, and the team responsible was made aware of the mistake at 11pm.

The Cabinet Office minister said that “the link was removed from the Cabinet Office web page within 10 minutes” of this.

But it then “took a further 150 minutes to close the link to the document and remove the page altogether”.

“In this intervening period, those who opened the link or had the web page address could still open the document,” Dowden said.

This means that the addresses of honours recipients – including celebrities such as Elton John, Ben Stokes, and Nadiya Hussain – were publicly available online for more than three hours. 

“Appropriate management action will be taken in response to this incident,” Dowden said. “Changes have already been made to ensure the relevant IT system generates reports containing only data that is suitable for publication, removing the scope for further human error. I have also instructed the Government Digital Service to improve their processes to ensure all access to data can be removed much more rapidly when required.”

The Cabinet Office reported the incident to the Information Commissioner’s Office on 28 December and the minister said that “will cooperate fully with its ongoing inquiries”.


About the author

Sam Trendall is editor of PublicTechnology

Share this page




Please login to post a comment or register for a free account.

Related Articles

HMRC launches £140m procurement to support comms digitisation
26 April 2023

Five-year contract will cover all incoming and outgoing messages and ambition to operate in ‘similar ways to leading private sector companies’

Consultation reveals widespread opposition to proposed data-sharing laws for government login system
26 May 2023

Overwhelming majority of respondents voice disapproval but government will press on with plans to bring forward legislation

Interview: CDDO chief Lee Devlin on the ‘move from being disruptive to collaborative’
23 May 2023

In the first of a series of exclusive interviews, the head of government’s ‘Digital HQ’ talks to PublicTechnology about the Central Digital and Data Office’s work to unlock £8bn...

HMRC finds strong support for online Child Benefit claims – but ‘digital by default’ would cause problems for one in five users
17 May 2023

Department publishes findings of study conducted ahead of planned digitisation initiative

Related Sponsored Articles

Proactive defence: A new take on cyber security
16 May 2023

The traditional reactive approach to cybersecurity, which involves responding to attacks after they have occurred, is no longer sufficient. Murielle Gonzalez reports on a webinar looking at...