Cabinet Office works to manage fallout of honours data leak calamity
Security advice reportedly offered to those whose details were leaked – which included celebrities such as Ben Stokes and Nadiya Hussain
Credit: Matt Crossick/PA Wire/PA Images
Government officials are offering security advice and guidance to the victims of the New Year Honours data leak after the Cabinet Office published the addresses of recipients.
It is understood that civil servants from different departments are working across government in a bid to ensure that any potential risks to individuals are minimised.
The private addresses of hundreds of high-profile individuals and senior officials, ranging from Sir Elton John (pictured above) to the Cabinet Office’s own newly knighted permanent secretary John Manzoni, were leaked online when the honours list was first published last Friday.
One of those affected, former cabinet minister Iain Duncan Smith, said: “Ministers need to be asking some very serious questions of those involved about how this was allowed to happen and why no final checks were carried out before the document was published."
The former work and pensions secretary, who was knighted in the latest honours list, dubbed the leak a "complete disaster."
- GDPR blamed for doubling of Whitehall’s recorded data breaches
- ICO consults on new data-sharing guidance
- Life hacks – a year at the National Cyber Security Centre
He added: “Everybody knows virtually everything about me. It's much more concerning for private citizens, like those who have been involved in policing or counter-terrorism or other such sensitive cases, to have their addresses published."
Lord Bob Kerslake, a former head of the civil service, called the leak “a serious and indeed extraordinary breach”, given that details about New Year honours recipients is published annually.
“This is a well-established process that has gone on in pretty much the same way for years, so I think an urgent investigation is certainly needed.”
While the leak is “likely to be human error” there are questions over how well staff were trained about the importance of maintaining security, he said.
The Cabinet Office is not commenting on the security advice being given to people whose addresses were made public.
In a statement, a Cabinet Office spokesperson said: "A version of the New Year Honours 2020 list was published in error which contained recipients' addresses. The information was removed as soon as possible. We apologise to all those affected and are looking into how this happened.”
They added: "We have reported the matter to the Information Commissioner’s Office and are contacting all those affected directly."
The ICO has begun an investigation into the leak. In a tweet, it said: “In response to reports of a data breach involving the Cabinet Office and the NY Honours list, the ICO will be making enquiries.”
If the government is found to have breached the General Data Protection Regulation, it could face a fine.
Conservative MP Sir Bernard Jenkin, the former chairman of the public administration and constitutional affairs select committee, said yesterday that “the civil service will be agonising over how this happened. There will clearly be an investigation to establish exactly who decided what. They must publish the findings as soon as possible."
He added that it is "far more important to find out how the mistake was made than to find one individual to punish because it is likely that there was miscommunication or a misunderstanding or an innocent oversight rather than gross negligence or even malice.”
This article originally appears on PublicTechnology sister publication Civil Service World
Health secretary calls on public to embrace technology
Experts discuss what the lasting impact of the pandemic might be for government and the public sector
Alex Chisholm has claimed he does not want the civil service to ‘carry on as we are’
Minister and local MP cite success of ongoing trial on the Isle of Wight
CyberArk's David Higgins explores the cyber risks of hiring independent contractors
CyberArk's John Hurst looks at the true cost of GDPR breaches