Dozens more Afghan relocation data breaches uncovered by BBC

The Ministry of Defense admitted that there were 49 separate data violations in the Unit, which deals with Afghan’s displacement applications requesting security in the UK.

The four of the 49 violations were open to the public – including the leakage of an electronic table with the details of the details of approximately 19,000 people who escaped from the Taliban in 2022.

This mammoth data violation, which caused thousands of Afghan secretly moving to England, was announced last month after lifting the Gaging order of the Supreme Court.

By the UK’s information guard ” [follow] Ordinary controls instead of reflecting a broader culture of incompatibility “.

However, lawyers representing Afghans affected by data violations, the new figures submitted to the BBC within the scope of the Freedom of Information Law, said that the re -settlement plan expressed concerns about the loose security culture among those who employees.

The mode refused to give any details about the quality of each violation, but the previously open -to -public incidents involves accidentally explaining the authorities to third parties’ E -Post addresses or other personal details of the candidates.

In February 2022, Hundreds of Afghan, which was affected by the largest violations, the President of Data Protection Adnan Malik said, “What began as an isolated event that the Ministry of Defense initially tried to protect the public, turned into a series of disasters failure.

He said: “We call on the Ministry of Defense to be completely transparent with both the affected and the wider people. Victims should not have to learn the truth through legal transactions or news reports.”

The Afghan Displacement and Aid Policy (Arab) was founded in April 2021 to help people who worked with the British armed forces in Afghanistan and re -establish appropriate applications and family members in the UK to re -place their lives. It was closed in July this year.

The program was revived by revelations about weak data security and potentially risks the life of Afghans working with British forces.

In September 2021, BBC News, more than 250 Afghan seeking displacement for UK Accidentally copied from the Ministry of Defense to E -PostKeeping them under the risk of retaliation.

In that month, a total of 265 E -Posta addresses were shared in three different cases, which ultimately led to a fine of £ 350,000 from the guard dog.

A source of defense, violations, “the government was very difficult and embarrassing for the public execution of the public,” he said.

At that time, the defense secretary Ben Wallace, expressed his personal anger to those who occurred, said to the MPs: “To ensure that this was not happening again, I wanted not only the e-mail to be taken into account, but not the poor person who pulled the chain upwards.”

Two months after the events, in November 2021, then the conservative government declared “important healing actions” including new data processing procedures and training, and a new “two pairs of eye rules” requiring any external e-mail for an Arab-appropriate Afghan National National National Nation will be examined by a second personnel.

The government said, “measures were taken to” prevent such events from occurring again “.

Instead, data violations continued in February 2022, including a potentially disaster leakage, seeing that a soldier in Regent sent a small number of applicants to his reliable Afghan contacts.

They did not realize that the secret data in the electronic table contained their names, contact information and some information about family members and partners for approximately 19,000 people.

When the leak was discovered about 18 months later, in August 2023, then the conservative government sought a Gaging order to make the details of the mistake open to the public. The government has successfully argued that lives are at risk and that the Taliban would be warned if a precautionary decision was not made.

Super precautionary measure was not removed until July this year.

Jon Baunes, a senior data protection expert in the law office Mishcon de Reya, said the new figures revealed by the BBC showed that “a remarkable number of data security events according to the Arab scheme”.

“It is difficult to think more sensitively than the scheme and I am surprised why there are no better security measures.”

The seven of the 49 data violations were serious enough to ask Mode officials to inform the information commissioner (ICO) data observer.

This includes three violations that have not been announced before – one in 2021 and in 2022.

ICO said the amount of information it still holds on these violations and why it has not taken more action, but her work with mode was “ongoing”.

“We continue to interact with mode, so we can be sure that they make the necessary improvements.” He said.

The surveillance did not take any action in the mode on the data violation of the major electronic table, which were previously subject to reporting restrictions imposed on the court, and argued that in this case we could add very few things to justify the allocation of the source more than other priorities. “

“First of all, ICO has previously conducted a deeper investigation before, and the second was serious questions about whether there was an emergency need for more investigations.

“What can we all assure us, since mode properly protects the extremely sensitive personal data?” He added.

The source of a workers’ government accused previous conservative administrations for inadequate data protection measures, and the labor force has been introduced since the arrival of last year and other changes have been made.

“The current ministers have repeatedly emphasized the incorrect management of the data around the Arab plan during the opposition.” He said.

“Since last July, we have brought a series of new measures to increase data safety, and to allow the parliamentary review and accountability to allow it to be accountable to the public under the previous government.

“This data leakage should never have been, and the data protection protocols were an unacceptable violation of the data protection protocols.

The defense secretary issued an apology on behalf of the government and the conservatives participated in this apology.

He continued: “When this violation appeared, the priority of the state at that time was to protect people in the data set.”

A modern spokesman said: “We take data security extremely seriously, and we are determined to ensure that any incident be handled properly and to follow our legal duties.

“All events that meet the threshold within the scope of the United Kingdom Data Protection Laws are directed to the Information Commissioner Office and less events are examined in order to ensure the learning of the courses.”

If you have any information about the stories you want to share with the BBC Policy Research Team, please contact policsvestigations@bbc.co.uk.