Elizabeth is a Solicitor who works in the Commercial team.
She advises clients on all aspects…
The Cabinet Office has received heavy criticism for inadvertently publishing personal data of recipients of New Year honours online. On the evening of 27th December 2019, a spreadsheet containing a full list of the 1,097 recipients, including their home addresses, was mistakenly made accessible to the public on an official government website.
Among those affected were several high-profile recipients such as cricketer Ben Stokes, TV chef Nadiya Hussain and former Ofcom boss Sharon White. Other individuals on the list included more sensitive names such as counter-terrorism police officers and senior diplomatic and military figures.
The breach was almost certainly due to human error, which is a common cause of data breaches that are reported to the Information Commissioner’s Office (ICO). In response to the data breach, the Cabinet Office reported the incident to the ICO and publicly apologised to all those affected. It has apparently also contacted the affected individuals directly to apologise and to provide advice and guidance on any security concerns they may have.
In accordance with the ICO’s powers to impose fines on organisations for data breaches, the Cabinet Office could face a fine of up to €20 million, subject to the outcome of the ICO’s investigations. In addition, it could face legal action from the individuals affected, for publicising personal data which the individuals have sought to keep private.
What does this mean for your business?
This failure by the Cabinet Office to keep personal data secure serves as a reminder of the importance of having effective data protection systems and procedures in place to safeguard personal data. Security of personal data is a key concern of the ICO and as such should be entrenched in all businesses’ day-to-day operations.
While human error is difficult to guard against, the potential damage that resulting personal data breaches can cause makes it essential that you have proper systems in place to prevent such errors from occurring. You must ensure that all staff undertake data protection training, so that they understand how to keep personal data secure and how to avoid a data breach, what constitutes a personal data breach, and when and to whom to report a suspected breach.
In cases of infringement of current data protection laws, the ICO has the power to impose substantial fines on organisations which, depending on the type and severity of the infringement, could be up to a maximum of 4% of annual turnover or €20 million, whichever is higher.
For further information, please contact our Commercial team on 0113 849 4000.