The Government has been urged to accelerate efforts preventing data breaches following the 2022 leak of thousands of Afghan applicants' details. The UK Information Commissioner called for urgent action to fully implement security recommendations after a string of public sector data failures.
Ministers should "as a matter of urgency" complete all recommendations from an information security review conducted in 2023, Information Commissioner John Edwards warned. The review was undertaken by the previous Conservative government but only made public on Thursday after sustained pressure.
Dame Chi Onwurah, chairwoman of the Science, Innovation and Technology Committee, forced the Government to release the previously secret review. She criticised the lack of transparency surrounding the document's existence and questioned why only 12 of 14 recommendations have been implemented.
Security review controversy
"I'm glad that this information security review has finally been made public, but it's concerning that it took an intervention from my committee and the Information Commissioner to make this happen," Dame Chi said. She demanded answers about why the review remained secret even after the Afghan breach became public knowledge.
The 2022 incident saw a defence official accidentally leak details of 18,714 applicants for the Afghan Relocations and Assistance Policy (Arap) scheme in an email spreadsheet. The blunder remained undiscovered for over a year until August 2023, when the Ministry of Defence secured an unprecedented gagging order.
The breach prompted fears the Taliban could target would-be refugees for reprisals. It also led to the establishment of a secret Afghanistan Response Route (ARR) scheme to bring affected individuals to the UK at a projected cost of £850 million.
Real world impact
Edwards warned that public sector data leaks "have real world consequences including putting lives at risk and undermining public trust in government". He told Chancellor of the Duchy of Lancaster Pat McFadden that while some progress had been made, the Government must accelerate its response.
"The Government needs to go further and faster to ensure Whitehall, and the wider public sector put their practices in order," the Information Commissioner said. He emphasised the urgent need to fully implement all security review recommendations.
Dame Chi stressed that public trust remains essential for the Government's digital transformation ambitions. "For the Government to fulfil its ambitions of using tech to boost the economy and transform our public sector, it needs the public to trust that it can keep their data secure," she said.
Sources used: "PA Media" Note: This article has been edited with the help of Artificial Intelligence.
