The Ministry of Defence has outlined a series of reforms introduced in response to the data breach involving the Afghan Relocations and Assistance Policy (ARAP), following a written question from Lord Alton of Liverpool.
Responding on 24 July, Defence Minister Lord Coaker stated: “The Ministry of Defence (MOD) has commissioned several audits at various times since the data protection incident relating to the Afghan Relocations and Assistance Policy to inform remediation plans. All recommendations from these audits have been accepted and are either complete or work-in-progress.”
He emphasised that “it is a key priority of this Government to reinforce data handling practices,” citing the introduction of a new casework management system within the Defence Afghan Relocation and Resettlement (DARR) team that “prioritises data protection.”
Lord Coaker said the DARR team had also completed “a comprehensive review on legacy data held within this casework management system and historic email accounts to ensure information is held at the right security classification and within the right location.” He added that “shared sites [are] locked down and proactively managed,” applying strict “need-to-know principles.”
He noted that a new senior civil servant Chief Information Officer was appointed to the DARR team in October 2024, “with responsibility for a larger and more skilled data and information management team.” That team has produced a data strategy “in line with the Government Digital Services’ data maturity assessment.”
Mandatory training across DARR has been enforced: “All current staff have completed it. Bespoke induction training includes security briefings and data protection training, and there are regular communications on protecting information and expected behaviours, including discussions at senior leadership level.”
Finally, Lord Coaker stated that the MOD is “continuously investing in our cybersecurity infrastructure to ensure we remain resilient against evolving threats,” and is working to build “a workforce that is confident, capable, and cyber secure.”
Alongside this, I read a report on BFBS that Regimental Associations are regularly listing names of personnel online who are posted away from the Regiment, including those serving with DSF.
The often used cover name for postings is regularly seen online, and is found on Linkedin as well.
So it’s not just the MoD.
Human error is unfortunately a problem in any organisation however the solution used to be to employ tech to spot and block any such errors. Most organisations have however eliminated those resources ironically in the name of saving money.
Stop using Excel as a database would be a start 🤦🏻♂️
They should go back to paper files for important documents and they should not leave the building. The security services ran effectively for years with files and typists before computers were invented.