Honours leak

2020 seems to be getting off to an inauspicious start with the compromise of the home addresses of prominent UK citizens–many of them in lines of work that could make them targets for crime.

The UK Cabinet Office issued an apology after a data leak that involved the exact addresses (including house and apartment numbers) of more than 1,000 New Year Honours recipients. The information was posted online and visible to the public for about an hour.

January 1 is one of two days reserved for the announcement of new members of the UK’s honor system, which includes newly minted members of the Order of Chivalry as well as other distinctions. The other day for such announcements is April 21, Queen Elizabeth’s birthday.

The names and addresses of 1,097 honors recipients were published on the New Year Honours website Friday, December 27. Included on the list were recording artist Sir Elton John, former Director of Public Prosecutions Alison Saunders, and several other athletes, celebrities, and government officials.

While many of the addresses on the list were already publicly available, individuals on the list are concerned for their safety.

“It’s much more concerning for private citizens, like those who have been involved in policing or counter-terrorism or other such sensitive cases, to have their addresses published,” said former Tory leader Sir Iain Duncan Smith to the Sunday Times.

“For someone like myself in direct frontline services, it would be very worrying if those details could be shared,” said Women’s Aid regional manager Sonya McMullen, whose address was also leaked.

As reported by the BBC, in an interview on Radio 4, former head of the civil service Lord Kerslake “suggested ‘human error’ could be to blame for the leak and called on investigators to look at whether staff were given training on data regulation.”

While the incident was subsequently reported to the Information Commissioner’s Office (ICO), which has the power to levy fines when personally identifiable information is mishandled or breached, what exactly is the right punishment for a crime where a layer of security is lost–and changing residence is the only remedy?

Do the fines cover the cost of selling a home, and all the associated expenses of moving? It’s an unknowable problem set, but there is one thing we know for certain: This sort of leak is avoidable. A combination of training and preventative systems can help employees avoid such grave mistakes–systems and protocols that work even on the day after Boxing Day, when employees may not be in the best shape.

There is always another layer of protection and prevention to be had when it comes to cyber and the protection of our information, just like there is always another story about failures to protect it.