January 18, 2021

MoD reports 18% rise in personal data loss

By Robert Scammell

Personal data loss incidents at the Ministry of Defence (MoD) have increased by 18% in a year, according to official figures.

There were 546 reported incidents where data was lost, disclosed without authorisation or disposed of insecurely in the 2019-20 period.

That’s up from the 463 MoD personal data loss incidents in 2018-19, according to the department’s recently published annual report.

The MoD defines protected personal data as “s information that links an identifiable living person with information about them which, if released, could put the individual at risk of harm or distress”.

Of the 546 data leaks, seven were deemed serious enough to report to the UK’s data regulator, the Information Commissioner’s Office (ICO).

It included a whistleblowing report being issued to the subject of the report without protecting the whistleblower’s identity. This took place in March 2020 and affected six people.

The vast majority – 454 – MoD personal data losses in 2019-20 were classed as an unauthorised disclosure.

In August 2019 criminal investigation files were lost during archiving, affecting 16 people. Other incidents reported to the ICO included files being lost in transit and unauthorised access to patient notes.

Another “serious” incident involved a sub-contractor incorrectly disposing of documents containing personnel and health data of former employees.

Tim Sadler, CEO of cybersecurity firm Tessian, said: “Time and time again we see how simple incidents of human error can compromise data security and damage reputation. The thing is that mistakes are always going to happen. So, as organisations give their staff more data to handle and make employees responsible for the safety of more sensitive information, they must find ways to better secure their people.”

Last week the Home Office came under fire after it confirmed it accidentally deleted some 213,00 fingerprint and DNA records.


Read more: Will the National Cyber Force make the UK safer? Industry responds


 

Verdict deals analysis methodology

This analysis considers only announced and completed deals from the GlobalData financial deals database and excludes all terminated and rumoured deals. Country and industry are defined according to the headquarters and dominant industry of the target firm. The term ‘acquisition’ refers to both completed deals and those in the bidding stage.

GlobalData tracks real-time data concerning all merger and acquisition, private equity/venture capital and asset transaction activity around the world from thousands of company websites and other reliable sources.

More in-depth reports and analysis on all reported deals are available for subscribers to GlobalData’s deals database.

Topics in this article: