The publication of the New Year Honours list is a ‘set piece’ communications operation for the Cabinet Office and wider UK government. Coming at the end of the quiet festive period, it’s normally a positive event, where the best of British individual achievement is celebrated.
Unfortunately this wasn’t the case for the final honours list of the last decade, which will be remembered for the serious data breach. For a short period, the addresses of over a thousand individuals on the list were available to view via a spreadsheet which had apparently been uploaded in error.
The announcement of the list is a finely tuned operation involving press offices across Whitehall, which includes pre-briefing the media, the setting up of a digital campaign, and publishing the full list of recipients online. From my time running the digital communication operation for the Cabinet Office and Downing Street, I have experienced how the Honours and Appointments Secretariat works closely with counterparts in the web team to ensure the list is published accurately. Ahead of the agreed publication time, news stories and social media posts will have been agreed and approved, alongside uploading the various spreadsheets listing the recipients and some basic data on their backgrounds.
For previous announcements, the only data related to location was no more specific than ‘county’ or ‘town’. On this occasion however, a document containing sensitive address information was visible on the Government’s website for around an hour before being removed.
This has resulted in a string of critical coverage and commentary, with some media highlighting that the list contained the personal details of counter-terror police and officers working on sensitive criminal cases, as well as high profile public figures.
Responding to the criticism, the Cabinet Office has explained it has notified the Information Commissioner’s Office about the breach and an internal investigation will be under way. It is likely to focus on which link in the chain of responsibility fell short and this will lead to more rigorous systems and processes being put into place in the future.
The officials who have worked over a long period to ensure things ran smoothly will be mortified at how processes broke down in this case, allowing the sensitive data to be included. Whatever the outcome of the investigation, the Cabinet Office will need to work to ensure it can regain trust in the Honours system. I would expect that to be in place well ahead of the announcement of the Queen’s Birthday Honours List in June.
In an increasingly complex world of media scrutiny and the speed of digital, it shows how one slip-up can cause major reputational impact, which might even lead to a hefty fine. But it also comes at a time where there’s more scrutiny than ever into how the Civil Service operates.
Dominic Cummings’ blog, ‘Two hands are a lot’ – we’re hiring data scientists, project managers, policy experts, assorted weirdos’ has gone viral, putting his desire to shake things up into the public consciousness. “The point of this government is to do things differently and better and this always looks messy,” he argues.
The breach is a timely reminder that doing something which ‘looks messy’ should not be at the expense of fundamentals such as ensuring data is handled properly and securely. In fact, making the best use of data is an area which has been highlighted as being a game changer to improving policy-making and public services.
Any organisation which handles personal data has a duty to ensure the highest standards are maintained. When it comes to a government organisation, breaches are magnified by traditional and social media commentary which will only harm reputation.
The events around the New Year Honours breach will remain a good case study of how a single error can have significant reputational consequences. Data handling best practice may not be the most exciting of topics, but it is one that must not be ignored.