back to article UK data watchdog fines government office for disclosing New Year's gong list

The UK's Information Commissioner's Office (ICO) has fined the Cabinet Office because it failed to put appropriate technical and organisational measures in place to prevent the unauthorised disclosure of recipients of New Year's honours. Twice a year, the government dishes out a mixed bag of honours – knighthood and Order of …

  1. Andy Non Silver badge

    So will the £500,000

    be paid out of government coffers for ICO to deposit the fine back into same?

    1. Woodnag

      Re: So will the £500,000

      Yup. As usual, appearances of Doing Something but nobody actually in charge of making sure idiocies like this don't happen gets pusnished.

      1. Eclectic Man Silver badge
        Facepalm

        Re: So will the £500,000

        I thought that HMG did not fine itself.

        So I am bewildered (and STILL awaiting my richly (un)deserved knighthood for services to procrastination).

        More seriously, a tad worrying that Cabinet Office is responsible for running Government security policy (including IT security). There was a Register article recently, I recall, about how much they were spending on training their staff in IT security.* Clearly someone is in need of a refresher:

        * https://www.theregister.com/2021/06/29/cabinet_office_cybersecurity_training/

    2. Anonymous Coward
      Anonymous Coward

      Re: So will the £500,000

      Less the lawyers' fees, i guess

  2. Yet Another Anonymous coward Silver badge

    Is this a problem?

    Presumably a Knight of the British Empire would be able to defend his castle against any internet riff-raff that might discover the address?

    1. Eclectic Man Silver badge

      Re: Is this a problem?

      Sadly, as Sir Terry Pratchett discovered, that being made a knight of the realm, you don't get given a sword, so he made one for himself.

      https://www.geeknative.com/16313/terry-pratchetts-meteorite-sword/

  3. Doctor Syntax Silver badge

    " a new IT system... to process the public nominations for the New Year Honours"

    Spreadsheet.

    1. Vometia has insomnia. Again.

      It'll cost an absolute fortune and overrun its budget. But yeah.

    2. Scott Broukell

      Don't forget to factor in paying handsomely for some chums to act as spreadsheet consultants, very important that.

  4. Anonymous Coward
    Anonymous Coward

    to a list of people deemed worthy...

    ...along with those who donate lots of ££££ to the Tory coffers.

    1. John Robson Silver badge

      Re: to a list of people deemed worthy...

      Along with? What other definition of worthy did you think applied?

      1. Anonymous Coward Silver badge
        Holmes

        Re: to a list of people deemed worthy...

        The ones that are so much in the public eye (and hearts) that it would be more hassle to defend not giving them an honour than to just give them one.

      2. Outski Silver badge
        Pint

        Re: to a list of people deemed worthy...

        National treasure (Nadiya Hussain)? National sporting hero (Ben Stokes)? Both were affected by the breach.

        --------------> Non-alcholic beverages are available

  5. Primus Secundus Tertius

    Government secrets and personal throwaways

    The government take care to protect government secrets e.g. cups of tea served per day. But it seems the Treasury refuse to allocate money to protect personal data. This incident is just one of many. I hope, forlornly, that some Treasury official gets sacked and loses their pension.

    1. Bitsminer Bronze badge

      Re: Government secrets and personal throwaways

      News flash -- ICO punishes HM Civil Service for disclosing a list of former Civil Servants sacked for disclosing lists of Honours.

    2. ThatOne Silver badge

      Re: Government secrets and personal throwaways

      > I hope, forlornly, that some Treasury official gets sacked

      Don't worry, every organization includes "fuse" subordinates who are there to get fired if the bloodthirsty crowds demand a human sacrifice. You identify them easily by the fact they don't do anything important, so their sudden departure won't disrupt operations.

  6. Phones Sheridan Bronze badge

    Lol, and within a day, the "Biggest ever fine" is embiggenned :p

    https://www.theregister.com/2021/12/01/ico_issues_biggest_ever_fine/

  7. Winkypop Silver badge
    Joke

    I never make these lists

    Just as well I guess.

  8. EnviableOne Silver badge

    HAS just got a budget increase

    £500,000 i presume

  9. Anonymous Coward
    Anonymous Coward

    Wow, an actual fine!

    I'm amazed to see this happen, especially to a government agency. As I posted in the past day in another ICO-related article:

    ICO are a complete waste of space

    Just received the final response from ICO on a case I raised about 6 months ago.

    Once again whilst the ICO indicated that they agree the government agency did not comply with GDPR and PECR the case is now closed with their usual waffle along the lines of them telling the agency to ensure staff attend mandatory training annually and that the agency's policies and procedures must be updated to reflect GDPR.

    This for a complaint that was specifically regarding the agency's Data Protection Officer failing to adequately perform their duties (as defined in GDPR) and of their DPO failing to get actively involved in my original direct complaint to the agency (at the time the agency's DPO simply passed my complaint on to the "relevant team", did not get involved in the issue at all, and did not even acknowledge receipt of my complaint). The DPO even had the audacity to claim that PECR was nothing to do with them as their DPO duties only covered GDPR compliance.

    For the various cases I've raised with ICO over the past couple of years the ICO has yet to take *any* significant action as a result of any of the complaints, even when they agree, for the majority of these cases, that GDPR/PECR has been broken.

  10. tiggity Silver badge

    some people are more equal than others according to this

    In typical data breaches, amount of fine per persons details leaked is tiny

    In this case, by ICO standards, its huge

    They obviously deem honours recipients as a higher calibre of person than your average pleb.

    Or can we see this as a start of a new approach and ICO fines actually exceeding a weedy slap on the wrist*

    * No, its one rule for them and one for the rest of us yet again

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022