NPCC and NCA examining actions needed following New Year Honours data breach
The Information Commissioner’s Office (ICO) has begun an investigation into the Cabinet Office’s publication of the New Year Honours recipients’ home addresses, including counter-terror and National Crime Agency (NCA) officers.
The Government has apologised after releasing the wrong version of the honours list “in error” on Friday (December 27) and is offering security advice to anyone affected by the disclosure.
Former Conservative Party leader Iain Duncan-Smith, who received a knighthood in the honours and whose address was published online, said the mistake was a “complete disaster” for the officers involved.
The erroneous disclosure included the home addresses of more than 1,000 people, including celebrities like Sir Elton John, but also counter-terrorism officers, current and former police officers, former Director of Public Prosecutions Alison Saunders and three senior members of NCA staff.
The information was published on the Cabinet Office website and is reported to have been online for around an hour.
The National Police Chiefs’ Council chair Martin Hewitt said: “The accidental publication of addresses belonging to New Year’s Honours recipients is a serious mistake. We are engaging with relevant governmental departments, including the Home Office and Cabinet Office, to ascertain what actions they are taking to manage the situation, and to see what actions we might need to take.
“We will work with forces and with the Police Federation to ensure that all relevant action is taken in respect of the police officers and staff that were on the list.”
The NCA said it was “aware of the accidental publication of personal details of recipients of New Year’s Honours” and its operational security team is working with the Cabinet Office to assess any potential personal safety risk to its personnel.
A Cabinet Office spokesperson said: “A version of the New Year Honours 2020 list was published in error, which contained recipients’ addresses.
“The information was removed as soon as possible. We apologise to all those affected and are looking into how this happened.
“We have reported the matter to the ICO and are contacting all those affected directly.
“Anyone affected should contact the Cabinet Office at email@example.com.”
The ICO said its investigation into the data breach was at an early stage.
The Cabinet Office could face enforcement action as well as civil remedy by the recipients.
Former head of the civil service Lord Kerslake told the BBC that “[the leak] is really bad news. I can see why they [those honoured] might be very concerned”.
He warned that even if individuals do not take legal action, potential fines issued by the ICO for serious breaches have been “very large indeed”.
Sir Iain Duncan-Smith was less concerned about the disclosure of his details as they were already in the public domain but he said: “It’s much more concerning for private citizens, like those who have been involved in policing or counter-terrorism or other such sensitive cases, to have their addresses published.”