The UK Cabinet Office is seeking digital service providers to deliver a £2.25m data protection programme, following a high-profile breach last year.
The department, which supports the prime minister and cabinet, is acting after it inadvertently released a version of the New Year’s Honours list in 2019 which revealed the addresses of the recipients.
It is now planning to implement six recommendations made in a subsequent review into the department’s data protection weaknesses. The review found gaps in governance and organisation, inconsistent application and a lack of monitoring ability to protect against and respond to data breaches. The six recommendations (detailed below) are intended to fix these issues.
The Cabinet Office has in the last week published a market notice inviting suppliers to apply to work on the project. The deadline for applications is 27 August and the work is expected to be complete by the end of the year.
The notice said: “The Cabinet Office needs to mobilise a programme to respond to the findings of a data handling review through enhancing capabilities, standards and controls across the department to manage data privacy risk."
It added that “there is a significant risk that further and more impactful breaches will occur as the amount of personal data being handled by the department increases”
The New Year’s Honours list, in December 2019, was released online as a comma separated variable (CSV) spreadsheet with address details of the recipients. It was online for 40 minutes before it was taken down. More than 1,000 people were affected, the BBC reported at the time.
Full article on https://gdpr.report/news/2020/08/18/uk-government-department-seeks-digital-suppliers-to-roll-out-2-25m-data-protection-programme-following-new-years-honours-breach/
#UK #government #dataprotection #yokdata