UK blames legacy IT for incomplete data protection progress
Briefly

"Considered one of the most sensitive leaks of data in recent British history, the MoD twice exposed the details of Afghans who assisted British forces during the Taliban conflict. Around 19,000 applicants for the UK's resettlement scheme had their details compromised via the classic CC-not-BCC email blunder. Among the 14 data security recommendations in the review - compiled in 2023 but not published until August 2025 - was developing methods for cross-government information sharing that don't rely on email."
"The aim was to eliminate human error causing accidental data leaks, a pain point the Information Commissioner's Office previously highlighted and was trying to fix through cultural change. Ian Murray, minister for digital government and data, said "cultural change happens through practice," and the idea of technical solutions blocking civil servants from attaching documents to emails is one of the ways to enact this. Asked whether it is being rolled out across government, Murray confirmed it would be "where appropriate," but Aimee Smith, the government's chief data officer, warned of the challenges."
"Legacy IT issues are hampering key technical measures designed to prevent highly sensitive data leaks, UK government officials say. On Tuesday, Parliament's Science, Innovation and Technology Committee grilled senior ministers on the progress made to prevent a repeat of the incident involving the Ministry of Defence (MoD) accidentally exposing data that put Afghan informants' lives at risk. The hearing was scheduled to discuss the government's response following its Information Security Review, which, among other things, recommended that it implement the technical means to share information directly from the source, and not via email."
Legacy IT limitations and widespread reliance on email impede implementation of technical controls intended to stop accidental data exposures. The Ministry of Defence twice exposed details of Afghan helpers, compromising around 19,000 resettlement applicants through CC-not-BCC email errors. A 14-point Information Security Review recommended non-email cross-government sharing and technical means to move data directly from source systems to reduce human error. Ministers advocate cultural change through practice and selective rollout of blocking measures, but officials warn that disparate legacy systems often make emailing attachments the only practical way to transfer information between departmental systems.
Read at The Register