Officials’ personal info published online by government lawyers in ‘regrettable’ data leak
Government Legal Department is investigating after names of civil servants were not removed from transparency documents
Credit: Gustavo Ferreira Gustavo/Pixabay
The Government Legal Department has launched an investigation after a data leak in which the names of civil servants claiming expenses was published online.
Documents showing officials' names were published on GOV.UK accidentally and stayed up for a week. The dossier showed credit-card spend at the department of more than £500 between November 2021 and May 2022, which must be published by law for transparency reasons.
The figures included £1,120 spent on a pottery class as part of a team-building day, which 35 officials took part in – a cost of £32 per head.
It also included the names of civil servants, which should not be revealed under data-protection regulations.
The department said it is “investigating this regrettable incident under data-protection rules and reviewing the process which resulted in the names of some staff members being released accidentally on a public website”.
A spokesperson for GLD, which gives legal advice on policy, said the department would not be "commenting publicly further at this time”.
- ICO set to issue fewer public sector fines to avoid ‘data breach victims being punished twice’
- What now for the UK’s data-protection regime?
- Trade department sees rise in fraud and data breaches in FY22
Shadow attorney general Emily Thornberry on Sunday criticised the data leak and took aim at the department's use of funds.
She told the Sun: “I don’t know what’s worse, the attorney-general breaching her own data-protection rules by mistake or her civil servants spending their working days painting pottery. Either way, it’s yet more evidence of a zombie government, lurching aimlessly from one calamity to the next.”
A government source told the newspaper the ceramics painting was took up only part of one training day.
In criticising the away day, Thornberry mimicked recent attacks from attorney general Suella Braverman and government efficiency minister Jacob Rees-Mogg on learning and development courses currently offered to civil servants.
Braverman said earlier this month that she has ordered GLD officials to scrap diversity training after finding staff had spent nearly 2,000 hours on courses last year – around 40 minutes per staff member.
The same week, Jacob Rees-Mogg said officials need "focused learning, not woke folderol" such as courses on privilege.
Thronberry pointed to Braverman's previous comments in a tweet today responding to GLD's announcement it would launch a data breach investigation.
“It seems very odd that Suella Braverman was so furious about her staff doing diversity training but thinks painting pottery instead is just fine," she said.
The GLD error is one of several high-profile data breaches in the last year.
In February, the Department for Levelling Up exposed civil servants' personal data by not properly redacting personal details from a contract document, as revealed by PublicTechnology.
In September 2021, the Ministry of Defence launched an investigation into how the identities of 250 Afghanistan-based interpreters who worked with UK forces were compromised in a group email. This followed a national security incident where a civil servant left MoD documents in a “soggy heap” near a bus stop in Kent.
Share this page
CONTRIBUTIONS FROM READERS
Please login to post a comment or register for a free account.
Sensitive data was left unsecured in prison holding area, according to data watchdog
Authority claims it is taking ‘swift and decisive action’ in response to incident it claims affected several councils
Officials are warned that, if they choose to use non-corporate channels, they must 'be prepared to defend your choices'
ICO investigation finds that video platform failed to prevent more than one million underage users signing up
Related Sponsored Articles
The traditional reactive approach to cybersecurity, which involves responding to attacks after they have occurred, is no longer sufficient. Murielle Gonzalez reports on a webinar looking at...