13 December 2021
The Information Commissioner’s Office (ICO) found officials failed to put in place “appropriate technical and organisational measures” to prevent the unauthorised disclosure of personal information in breach of data protection law.
Public figures who had their home addresses published on 27 December 2019 on the gov.uk website included Sir Elton John, the cricketer Ben Stokes, NHS England’s then chief executive, Simon Stevens, the TV chef Nadiya Hussain and the former director of public prosecutions Alison Saunders. The inadvertently published list also included more than a dozen MoD employees and senior counter-terrorism officers.
The largest fine imposed by the ICO was a £20m punishment for British Airways following a hack of customer data in 2018. Marriott Hotels was fined £18.4m, also following a data breach.
A Cabinet Office spokesperson said: “The Cabinet Office would like to reiterate our apology for this incident … We take the findings of the Information Commissioner very seriously, and have completed an internal review as well as implemented a number of measures to ensure this does not happen again.”