UK data regulator defends decision not to investigate MoD Afghan data breach

The UK's data protection regulator declined to launch an investigation into a leak at the Ministry of Defence that risked the lives of thousands of Afghans connected with the British Armed Forces. The MoD was responsible for the accidental data breach, which took place in February 2022 and is likely to have cost more than £850 …

  1. Will Godfrey Silver badge
    FAIL

    No Surprise there.

    Never mind the victims of the fuckup. Clearly the right arses need to be covered.

    1. NoneSuch Silver badge

      Re: No Surprise there.

      Arse covering indeed. Why would anyone ever help the UK again in an armed conflict?

      The Americans screwed over tens of thousands starting in Vietnam and every other area of conflict it has been in since. "Help us and we'll protect you," didn't work out that well for those that literally risked their lives and were left on the runway watching the last evacuation jet leave.

      1. Anonymous Coward

        Re: No Surprise there.

        Well, as an alternative to arse covering, what punishment do you think should be handed out, and to whom?

      2. Anonymous Coward

        Re: No Surprise there.

        It's shockingly stupid isn't it. Best to keep as far from American foreign "policy" as possible. Now this from the UK but who's more stupid, the government or the people who get involved. We prove time and time again that the West is not to be trusted. Makes me ashamed, it's not what I want our country to be. There is true value in honour.

        Nothing to investigate my arse.

    2. MyffyW Silver badge

      WTAFF

      It cost nearly a billion quid. A billion effing quid of yours and my money, because someone cocked up. There is no way that should be left to internal processes.

    3. Anonymous Coward

      Re: No Surprise there.

      For a regulator that is driven by ‘impact related’ issues this is clearly horseshit.

      Do they need a body of a dead Afghan interpreter dumped on their door by the Taliban ??

      ICO another shitty regulator not fit for purpose.

      Curious what the cost of the breach of £850m attributed to - Not like they removed any more Afghans. Many people utterly shamefully just abandoned. Was £850m the entire cost of running away like a pussy from Afghanistan ??

  2. Empire of the Pussycat

    Nothing to see here, move along now

    No need, no, not even a little bit, you can trust us, it's just another one-off.

  3. An_Old_Dog Silver badge

    Gobbledygook

    "It's just that information systems make it quite difficult to store classified material and to make a meaningful decision."

    That's right up there with, "Do you carry your lunch, or do you walk to work?"

    1. Guy de Loimbard Silver badge

      Re: Gobbledygook

      Couldn't make that line up if you tried.

      "We store data in this thing, but we can't make a decision because old Johnny rubber desk over there may be in the pooh pooh!!"

  4. elsergiovolador Silver badge

    Lessons

    What about lessons to be learned?

  5. Blazde Silver badge

    For the ICO to go in and start investigating [an incident, it] can actually get in the way

    They're absolutely right. It'll be much more hassle and embarrassment for the establishment to investigate, and any action will only force a change of processes in an attempt to prevent a repeat of the incident. That change will cost money and probably also cause some kind of delay for future emailing of spreadsheets, which is presumably a vital daily activity. Much better to just hope and pray a repeat incident doesn't happen again before the involved personnel have moved on. By then it'll be somebody else's problem.

  6. Dave@Home

    "Edwards told MPs the ICO decided not to investigate because it might hinder the MoD's response.

    away and shite

    1. Anonymous Coward

      Re: "Edwards told MPs the ICO decided not to investigate because it might hinder the MoD's response.

      That might be correct, but the fact that so many don't believe it tells a story. Now fellow sceptics, apply that scepticism widely because there are so many lies we are told yet collectively we fall for them every time.

  7. ParlezVousFranglais Silver badge

    "For the ICO to go in and start investigating [an incident, it] can actually get in the way"

    It's f***ing SUPPOSED to get in the way - that's what the sodding legislation is there for, to stop either malicious or incompetent treatment of other people's data.

    This is a blatant cover-up, no more, no less, and means that the MoD can continue this abuse of trust with absolutely no ramifications - absolutely shocking...

  8. tiggity Silver badge

    FFS

    People's lives at risk & their families.

    But it appears (poor, brown skinned Afghan*) life endangering incidents don't matter as much as financial data breaches

    * I leave it as an exercise for each individual reader (based on how poor a view of the ICO they have) to guess whether the response would have been different if they were white British (and wealthy and / or influential)

    1. Anonymous Coward

      Re: FFS

      Exactly, this is a perfect demonstration of how little they care. But don't fool yourself it's because they are brown skinned, they care no more for us, the only difference is the come back had it been voters.

  9. Dave Null

    Probably pragmatic

    ...I mean, if they fine the MoD, they're fining the UK taxpayer...I'd imagine the MoD have agreed to document what process improvements they intend to make etc. Yes, a massive fuck up, but I'm not really sure what practical use the ICO fining them would have right now.

    1. Anonymous Coward

      Re: Probably pragmatic

      Depends where the fine goes. Just fining is pointless unless, like clinical negligence, it is used to help the victim live. If not it would just go to help fund government incompetence and we'd have to pay more tax to replace the money for the MoD.

      1. Cynical Pie

        Re: Probably pragmatic

        Proceeds from MPNs issued by the ICO go into the Treasury so any fine to central government is in effect pointless as it is just taking out of the Treasury backed MOD account to give it back to the Treasury

    2. Doctor Syntax Silver badge

      Re: Probably pragmatic

      They need to be able to hold individuals responsible. Not necessarily the individual who sent the email but whoever was responsible for the process that required and/or allowed sending data in a spreadsheet instead of being exported as some other form such as CSV or PDF.

  10. Anonymous Coward

    Public Sector Data Protection compliance standards

    "In a joint committee with DSIT and the Cabinet Office, Edwards said there would be a plan to raise standards by the end of the year."

    I don't know how they could make Public Sector compliance standards any worse lol.

    BTW, not data protection related, did you know that organisations responding to FOI Requests are not required to provide only accurate information? They can respond with information that they know to be inaccurate/untrue (indeed they can state "facts" that they know to be untrue and which are provably untrue) and the ICO don't care: "It falls outside of the remit of the Commissioner to consider this. FOIA concerns access to information, not the accuracy of such information."

    1. Anonymous Coward

      Re: Public Sector Data Protection compliance standards

      Oh don't worry about a digital id linked to all the data the government has on you. It will be safe .....

    2. Blazde Silver badge

      Re: Public Sector Data Protection compliance standards

      They can respond with information that they know to be inaccurate/untrue (indeed they can state "facts" that they know to be untrue and which are provably untrue) and the ICO don't care: "It falls outside of the remit of the Commissioner to consider this. FOIA concerns access to information, not the accuracy of such information."

      But only if the organisation doesn't have the accurate information you've asked for, presumably? That's fair. You can't force an organisation to acquire potentially costly 'accurate' information just because of an FOI request, and we can't have a situation where the ICO is arbiter of what constitutes accurate information anyway.

      Indeed, being able to assess for yourself whether some public sector information is inaccurate or not by requesting it, is a desirable feature of the system.

      1. Anonymous Coward

        Re: Public Sector Data Protection compliance standards

        "But only if the organisation doesn't have the accurate information you've asked for, presumably?"

        Nope, I had a FOI Request and subsequent ICO complaint regarding said FOI Request where the ICO requested the organisation provide a current accurate membership list of a group, the org continued to insist that the May 2023 list they had provided to me was the current membership list despite the org having authored a document in Nov 2024 that contained a more up-to-date list.

        Despite me providing evidence to the ICO of the existence of this more up-to-date membership list the ICO didn't bother to pursue that aspect of my complaint any further.

  11. VoiceOfTruth Silver badge

    Translation

    >> Information Commissioner John Edwards, who oversees government data protection, said his office decided not to launch an investigation into the historic leak after meeting with MoD officials.

    Edwards was told to get lost. He's not in charge of anything. He can go back to pretending he's important.

  12. Doctor Syntax Silver badge

    Great. MoD commits massive security breach but won't allow proper investigation because of security.

    And can we just recite once more:

    "Excel is not a database"

  13. gnasher729 Silver badge

    This is just shameful. They put the lives of people at risk who helped the UK army in their operations in Afghanistan. That wasn’t a mistake. That wasn’t carelessness. That was not giving a f*** about people’s lives who gave much needed support to the UK.

  14. Anonymous Coward

    Strokes chin

    Not suspiciously convenient at all.

  15. redpola

    I get that this is difficult and unusual owing to the sensitivity of the data but

    SOMEONE screwed up.

    WHO screwed up. HOW they screwed up. WHAT will be done to prevent this again. These are not sensitive data.

    Add in that it’s a billion quid of our money and put at risk the material safety of people and the families of people who actively served the UK.

    This needs more of a resolution than this.

  16. Anonymous Coward

    ....and then there's OFWAT........

    .......and our rivers overflowing with sewage!!!

    Can someone explain why ABSOLUTELY nothing passed by the "great and the good" working (?) in SW1.............

    ..............is EVER ENFORCED??

    Oh....don't forget that other joke called GDPR!!

    1. collinsl Silver badge

      Re: ....and then there's OFWAT........

      The rivers are cleaner than they've been since the 1800s, we're just much better at monitoring them than we used to be.
