The Afghan data breach that exposed the details of more than 18,000 people was a “wake-up call” for the way in which government handles data, a security minister has advised MPs.
Dan Jarvis, who oversees hostile threats to the UK in addition to cybersecurity and crime in his job as security minister, stated on Tuesday that there had been “significant change” throughout authorities to verify civil servants know how you can deal with private data properly, and know who’s accountable for oversight.
The Afghan leak, which potentially put up to 100,000 lives at risk from reprisals by the Taliban, was found in August 2023 and led to hundreds of Afghans being secretly relocated to the UK. The breach happened when a Ministry of Defence (MoD) official emailed a spreadsheet with 33,000 rows of private contact data to somebody exterior authorities.
The leak was hidden from the general public and MPs through the use of a superinjunction and was solely revealed afterThe Independent and different media organisations efficiently fought to carry it.
Mr Jarvis advised the science and expertise committee on Tuesday: “I think it is right to say that the Afghan data incident was a big wake-up call and, as a consequence, we’ve seen quite significant cultural process change. But as ministers, we think it’s important to provide the leadership [on good data practice].”
The UK’s data regulator, the Information Commissioner’s Office (ICO), which was accountable for probing the MoD’s response to the leak, selected to not launch a proper investigation into what had gone improper, a call that was met with criticism after the breach got here to mild. The ICO was one of many few official our bodies that knew in regards to the leak, whereas the general public and MPs have been stored in the dead of night for practically two years.
Following this breach, and one other Afghan data incident involving mistakenly shared emails, the ICO signed a memorandum of understanding (MOU) with the federal government in January in an effort to scrutinise data dealing with.
It commits the federal government to better transparency, with the regulator promising to “hold government to account” if errors occur once more.
An assurance assertion will even be revealed every year to point out how the general public’s data is being stored secure and the federal government will contain the ICO earlier in initiatives, similar to digital ID, which contain new applied sciences and use of private data.
A authorities chief data officer has additionally been put in place to be answerable for data observe throughout totally different departments.
Vincent Devine, the government’s chief security officer, stated the MOU dedicated the “government to a really radically different approach” to the regulator. He stated that working extra carefully with the ICO would result in a “more trusting relationship” the place authorities “share information more broadly”.
MPs beforehand heard how officers on the ICO took no contemporaneous notes of their determination to not launch an official investigation into the Afghan data breach, claiming they have been unable to file something as a result of classification of the key data.
Ian Murray MP, minister on the Department for Science and Technology, stated the breaches have been “incredibly serious, but given that government shares and uses data billions of times a week, government data on the whole is very secure”.
He added: “These incidents, while very serious, are within the government context of data, very rare. They’ve set in motion a whole series of events including the MOU, including the review.”
However, he caveated his feedback, saying: “It would be wrong to suggest that all data is going to be 100 per cent secure forever because human error is very difficult to take out of the system.”