Data leak scandal ignites public outcry as government's investigative findings are finally revealed

The long-awaited 2023 Information Security Review, which has been withheld from publication for nearly two years, has finally been released following sustained questioning from Dame Chi Onwurah, chair of the Science, Innovation and Technology Committee.

The review, published publicly, sheds light on three recurring causes of public sector breaches: uncontrolled mass data exports from government databases, sensitive details revealed in misdirected emails, and hidden personal information embedded in online spreadsheets.

The release of the review comes at a critical time for the government's digital transformation agenda, which aims to deliver more public services online and harness new technologies across departments. The Afghan data leak, one of the most damaging in Whitehall's history, saw the personal details of over 18,000 Afghan nationals and their families, along with the names of UK MPs, officials, and members of the military, mistakenly circulated in an unsecured spreadsheet.

Dame Chi Onwurah has accused the government of deliberately limiting scrutiny and dragging its feet in the release of the review. She expressed concerns about the government's digital transformation agenda, stating that public trust in government systems is crucial for the success of the initiative. Twelve of the review's fourteen recommendations have been implemented, including strengthened security classifications, new cross-government training, and broader adoption of Microsoft 365 information protection tools.

ICO commissioner John Edwards called for the government to go "further and faster" to raise standards and establish a senior leadership board to enforce consistent practices across Whitehall. He warned that unless the recommendations are fully implemented and monitored, data security could become the Achilles' heel of the government's digital drive.

In response to the slow implementation of the review's recommendations, Dame Chi Onwurah questioned why only 12 of the 14 recommendations have been implemented. She has summoned McFadden and Edwards to give evidence before the committee next month. The files were sent outside authorized government systems in February 2022, and trust in Whitehall's ability to handle data securely remains fragile due to the Afghan data leak.

Dame Chi Onwurah warned that if the government cannot keep personal data secure, it will be difficult for people to be comfortable handing over their personal information. The row over the review and its implementation underscores the importance of data security in the government's digital transformation efforts and the need for transparency and swift action to protect sensitive information.

Data leak scandal ignites public outcry as government's investigative findings are finally revealed