The government has apologised "to all those affected" after it accidentally published addresses of more than 1,000 New Year Honour recipients. The data was very quickly removed once it was discovered, and reported to the ICO, (Information Commissioner’s Office), who will be ‘making enquires’.
How could this happen?
How was this allowed to happen, and why were no final checks carried out before the document was published?
It is an extraordinary breach, to a well-established process that has happened for many years. The breach is very likely due to human error, which still remains to be the primary cause of all personal data breaches (PDBs). Of the 4,856 PDBs reported to the ICO between 1st January and 20th June 2019, 60% were the result of human error. Of those incidents, almost half (43%) were the result of incorrect disclosure, and 16% were within Central and Local Government sector.
The breach highlights the important of staff training and the confidentiality principle of GDPR. How well were staff trained on data security and what processes and procedures did they have in place for protecting personal data? Robust training schedules alongside managed compliance services will help mitigate these kinds of incidents from happening.