openDemocracyUK: News

Cabinet Office fined £500,000 for publishing celebrities’ private addresses

More than 1,000 people – including Elton John and Nadiya Hussain – had home addresses shared by UK government, leading to safety concerns

profile2.jpg
Martin Williams
2 December 2021, 11.40am
‘A sad, sad situation’: Elton John among stars who had their addresses published online
|
PA Images / Alamy Stock Photo

The Cabinet Office has been fined £500,000 for publishing the postal addresses of more than 1,000 New Year Honour recipients online.

The accidental disclosure included the private address of Elton John, Tory MP Iain Duncan Smith, and the former director of public prosecutions, Alison Saunders.

The data remained online for two hours and 21 minutes – and was accessed more than 3,800 times.

The Information Commissioner’s Office (ICO), which issued the fine, today accused the government of “complacency” over the privacy breach – and said it had “real life consequences” for the people affected.

Get our free Daily Email

Get one whole story, direct to your inbox every weekday.

“At a time when they should have been celebrating and enjoying the announcement of their honour, they were faced with the distress of their personal details being exposed,” said Steve Eckersley, the ICO’s director of investigations.

“The Cabinet Office’s complacency and failure to mitigate the risk of a data breach meant that hundreds of people were potentially exposed to the risk of identity fraud and threats to their personal safety.”

He added: “The fine issued today sends a message to other organisations that looking after people’s information safely, as well as regularly checking that appropriate measures are in place, must be at the top of their agenda.”

The list included individual’s house numbers, street names and postcodes. But even after the Cabinet Office realised that personal data had been released, a cached version of the file remained online. This was accessible to anyone who had the correct web link.

Three of the people affected filed complaints raising personal safety concerns, while a further 27 people also made complaints to the information watchdog.

Cabinet Office’s complacency... meant hundreds of people were potentially exposed to... threats to personal safety

The ICO said the government had “failed to put appropriate technical and organisational measures in place to prevent the unauthorised disclosure of people’s information”.

Speaking at the time, the blunder was described as “inexcusable” by the privacy rights group Big Brother Watch. “It's extremely worrying to see that the government doesn't have a basic grip on data protection,” said the organisation's director, Silkie Carlo.

More than a dozen Ministry of Defence employees also had their personal addresses made public, along with senior counter-terrorism officers.

TV cook Nadiya Hussain, England cricketer Ben Stokes and the former Ofcom boss, Sharon White, were also on the list.

‘Frosty’ relations

The £500,000 fine comes at a time of stormy relations between the Cabinet Office and the information watchdog. Last week, the outgoing information commissioner, Elizabeth Denham, criticised the department for its record on transparency.

She said its actions “increase suspicion” about a secretive unit called the Clearing House, which vets Freedom of Information (FOI) requests.

Denham was speaking to the Public Administration and Constitutional Affairs Committee, which is investigating the unit following allegations that it “blacklists” journalists.

The inquiry follows investigations by openDemocracy, which revealed how the Clearing House interfered with requests about the Grenfell Tower tragedy and showed that political advisers were allowed to “approve” FOI responses.

The Clearing House was also at the centre of a landmark legal victory by openDemocracy earlier this year. Ruling against the government, a judge criticised the “profound lack of transparency” over its FOI unit, saying that it might “extend to ministers”.

Today, the Cabinet Office apologised for the data breach and said it took the criticisms "very seriously".

"The Cabinet Office would like to reiterate our apology for this incident," a spokesperson said. "We took action to mitigate any potential harm by immediately informing the Information Commissioner and everyone affected by the breach.

"We take the findings of the Information Commissioner very seriously, and have completed an internal review as well as implemented a number of measures to ensure this does not happen again. This includes a review of the overall security of the system, information management training and improving internal processes for how data is handled by the honours team."

Related story

Elizabeth Denham Information Commissioner.jpg
The government department refused to allow a probe into its ‘Orwellian’ Clearing House unit in the wake of openDemocracy legal victory

Last week, Denham told MPs she was “frustrated and disappointed” that the Cabinet Office had rejected her offer to audit the department following the legal ruling.

She added that she had found it “very difficult” to get meetings with ministers in the Cabinet Office, and complained that the budget for enforcing transparency laws had been hugely reduced over the years.

Denham added that relations with the Cabinet Office had become “a lot less frosty” in recent years, which is why she was so frustrated about its refusal to agree to a voluntary audit.

The Cabinet office has been asked for comment.

We've got a newsletter for everyone

Whatever you're interested in, there's a free openDemocracy newsletter for you.

Who is bankrolling Britain's democracy? Which groups shape the stories we see in the press; which voices are silenced, and why? Sign up here to find out.

Comments

We encourage anyone to comment, please consult the oD commenting guidelines if you have any questions.
Audio available Bookmark Check Language Close Comments Download Facebook Link Email Newsletter Newsletter Play Print Share Twitter Youtube Search Instagram WhatsApp yourData