The UK Information Commissioner’s Office (ICO) fined the Cabinet Office £500,000 over a data breach that disclosed the personal details of more than 1,000 famous people listed for 2020’s New Year Honours.
The ICO said the Cabinet Office had failed to put proper technical and organisational measures in place to prevent disclosure of personal information in breach of UK’s data protection law.
On 27 December 2019, the Cabinet Office published a file on the gov[.]uk website which contained the names and addresses of more than 1,000 people announced in the New Year Honours list.
The list included the likes of Sir Elton John, the TV chef Nadiya Hussain, cricketer Ben Stokes, the former Conservative Party leader Iain Duncan Smith, NHS England’s then-CEO Simon Stevens, and public prosecutions ex-director Alison Saunders.
It also included details on more than a dozen Ministry of Defence employees and counter-terrorism officials.
After becoming aware of the error, the Cabinet Office removed the weblink to the file, but it was still cached and therefore accessible to people who knew the exact webpage address.
According to the ICO, the personal data of people was accessed 3,872 times during the two hours and 21 minutes period in which the list was available online. So OK, the taxpayers will be paying the fine. So, what’s new?