London24NEWS

MoD fined over electronic mail blunder risking lives of interpreters fleeing Afghanistan

POLITICS

The Ministry of Defence has been hit with a £350,000 positive for revealing particulars of interpreters fleeing Afghanistan in an electronic mail blunder.

Personal particulars of 265 individuals, who might have been eligible to come back to the UK below the Afghan Relocation and Assistance Policy (ARAP), had been mistakenly copied into an electronic mail. Their addresses had been seen to all recipients, somewhat than being blind copied. The error may have put their lives at risk if the Taliban was in a position to get holder of the information, the Information Commissioner’s Office stated. The MoD has stated it accepted the significance of the information breach and apologised to the individuals affected.

The data commissioner, John Edwards stated the error “let down those to whom our country owes so much”. He added: “This was a particularly egregious breach of the obligation of security owed to these people, thus warranting the financial penalty my office imposes today.”

The ICO advises that “bulk email services, mail merge, or secure data transfer services” are used when sending any delicate private data electronically and these measures weren’t in place. The electronic mail addresses had been put within the “to” subject somewhat than the meant blind carbon copy (Bcc) subject and they also had been seen to everybody.

It said: “On 20 September 2021, the MoD sent an email to a distribution list of Afghan nationals eligible for evacuation using the ‘To’ field, with personal information relating to 245 people being inadvertently disclosed. The email addresses could be seen by all recipients, with 55 people having thumbnail pictures on their email profiles. Two people ‘replied all’ to the entire list of recipients, with one of them providing their location.”

And along with that incident there have been two different related knowledge breaches that month and in order that the full variety of individuals affected was 265. The ICO said: “The …. investigation found that, at the time of the infringement, the MoD did not have operating procedures in place for the ARAP team to ensure group emails were sent securely to Afghan nationals seeking relocation.”

An interpreter affected advised the BBC the error “could cost the life of interpreters, especially for those who are still in Afghanistan.” He said: “Some of the interpreters didn’t notice the mistake and they replied to all the emails already and they explained their situation which is very dangerous. The email contains their profile pictures and contact details.”

A spokesperson for the MoD stated: “The Ministry of Defence takes its data protection obligations incredibly seriously. We have cooperated extensively with the ICO throughout their investigation to ensure a prompt resolution, and we recognise the severity of what has happened. We fully acknowledge today’s ruling and apologise to those affected. We have introduced a number of measures to act on the ICO’s recommendations and will share further details on these measures in due course.”

You might also like More from author