Political investigation correspondent
Political reporter
Mod/Crown Copyright/2021The Ministry of Defense has admitted that in the last four years, there have been 49 separate data violations in rehabilitation applications from Afghans seeking security in the UK.
Four of the 49 violations were already publicly known – including a spreadsheet leakage in 2022, in which around 19,000 people were fleeing from the Taliban.
This mammath data breech, due to which thousands of Afghans were secretly transferred to the UK, came to light only after the High Court raised a gagging order last month.
It was described as “a failure as a failure” as an incident “by the UK notice guards. [follow] Normal checks, instead of showing a comprehensive culture of non-non-compliance “.
However, lawyers representing the Afghans affected by data violations said that the new figures issued to the BBC under the Freedom of Information, raised concerns about the culture of LAX security among those working on the rehabilitation scheme.
MOD has refused to provide any details of the nature of each violation, but the events already made public include inadvertently manifying the email address or other individual details of the applicants in third parties.
Adnan Malik, head of data protection in Barring Law, representing hundreds of Afghans affected by the biggest violations in February 2022, said: “What started as a isolated incident demanded to be kept by public views initially, now the prevalence has increased in a series of failures.
“We urge the Ministry of Defense to be fully transparent with both affected and wide public. The victims should not be forced to learn the truth through legal action or news reports.”
The Afghan transfer and aid policy (ARAP) was established in April 2021 to help those who were afraid of their lives, as they worked with the British Armed Forces in Afghanistan and worked to resettles the eligible applicants and their family members in the UK. It was closed in July this year.
The scheme has been motivated by revelations about poor data security, possibly the lives of Afghans who worked at risk with the British forces.
In September 2021, BBC News revealed that more than 250 Afghans were demanding transfer to UK. Mis accidentally copied from the Ministry of Defense in an emailPut them at risk of rebuke.
A total of 265 email addresses were shared in three separate incidents that month, which eventually imposed a fine of £ 350,000 from the Watchdog.
A defense source stated that the violations were “publicly intensity and shameful for the government”.
The then Defense Secretary Ben Walse expressed his personal anger over whatever happened, telling the MPs: “I am very curious that it is not only a poor person who drafts the email, which is held in the account, but to the series upwards, to ensure that it does not happen again.”
Two months after the events, in November 2021, the then Orthodox government announced “important therapeutic functions”, including new data handling processes and training as well as a new “two pairs of eyes”, which requires any external email a ARAP-qualified Afghan national, which must be reviewed by another member of employees before sending.
The government said that measures were taken to “prevent such incidents again”.
Instead, in February 2022, the data continued in violations, a potential disastrous leak, which saw a soldier in the park barrack of Regent, in which he sent a spreadsheet, which they believed that they considered a small number of applicants for reliable Afghan contacts.
They did not realize that the data hidden in the spreadsheet actually had some information for name, contact details and family members and colleagues for about 19,000 people.
When leaks were discovered after some 18 months, in August 2023, the then Orthodox government sought a gagging order to prevent details of the details of the error. The government successfully argued that life was at risk and the Taliban would be alerted if any prohibition was given.
The super prohibition that was imposed was not raised until July this year.
John Banns, a senior data protection expert at Law firm Mishkon D Riya, stated that the new figures exposed by the BBC show “a notable number of data safety events in relation to the ARAP scheme”.
He said, “It is difficult to think more sensitive about any information, which is involved with the plan, and it surprises me why there were no better safety measures,” he said.
PA mediaSeven of the 49 data violations were adequately serious for the requirement of MOD officers to inform the Information Commissioner Office (ICO).
This includes three violations – one in 2021, and two in 2022 – which have not been made public earlier.
ICO said it was limited to the amount of information organized on those violations and why it did not take further action, but that its work with the mod was “running”.
“We continue to connect with the mod, so we can be assured that they have made necessary reforms,” said a spokesman.
The Watchdog has not taken any action against the modes on the large spreadsheet data breech, which was previously subject to the reporting sanctions imposed by the court, arguing that “we could add very little to be added in this case that would make the allocation of further resources away from other priorities”.
John Bains said “Earlier there were serious questions whether ICO should have done more thorough investigation than before, and the second thing is whether more investigation is now needed.
He said, “What can we all get now assurance that the mod is protecting highly sensitive personal data properly, which is often assigned?”, He said.
The source of a labor government blamed the previous orthodox administration for insufficient data protection measures and said that new software has been introduced and other changes have been made since the labor came to power last year.
The source said, “The current ministers repeatedly highlighted the Tory mismanagement around the ARAP scheme in protest.”
“Since last July, we have hosted new measures to improve data security and we have publicly publicly violated the largest Afghan data that took place under the previous government, allowing for parliamentary investigation and accountability.”
A spokesperson of the Conservative Party said: “This data should never be leak and was an unacceptable violation of the data protection protocol.
The Defense State Secretary has issued an apology on behalf of the government, and the conservatives have joined that apology.
“When this violation came to light, the immediate priority of the then government was to protect individuals in dataset.”
A MOD spokesperson said: “We take data security very seriously and are committed to ensure that any event is dealt with properly, and we perform our legal duties.
“All events that complete the threshold under the UK Data Protection laws are referred to in the office of the Information Commissioner, and any less incidents are investigated internally to ensure that the lesson is learned.”
If you have any information about the stories you want to share with the BBC Politics Investigation Team,
