Site navigation

Data Protection Programme to be Rolled Out by UK Cabinet Office

David Paul


Data Protection Programme

It comes after a review published in April concerning its response to how data is handled after a major breach.

A new £2.25 million data protection programme is being set out by the UK Cabinet Office which aims to improve its control over private data.

The move comes after a review was launched following a major data breach in 2019 involving the personal information of prominent figures.

More than 1,000 new year Honours recipients had their addresses published online by mistake. The recipients included Sir Elton John and former Ofcom boss Sharon White.

The Government apologised for the mistake, and a review was launched to discover the cause of the problem.

A market notice has now been published to kickstart the programme, with a summary statement that the department must “mobilise a programme to respond to the findings of a Data Handling Review through enhancing capabilities, standards and controls across the department to manage data privacy risk”.

The review agreed that the office does have some systems in place to protect private data, but also had “gaps”, inconsistent application, and lack of monitoring, making it more difficult to protect against data breaches.

Six recommendations were put forward in the review:

  • Enhance accountability and governance with unified leadership for personal data.
  • Reward right behaviours and recognise skills.
  • Confirm a new data strategy.
  • Be transparent on progress.
  • Refresh the training and guidance provided to staff.
  • Establish consistent standards and technology controls.

Discussing the reason for the programme, a statement from the market notice said: “The Cabinet Office business strategy places a critical reliance on enhancing the capture, storage, management and use of personal and non-personal data.

“Recent events, however, have identified weaknesses in the Cabinet Office capabilities for managing personal data privacy.

“The Data Protection Act 2018 demands stringent obligations on the management of privacy risk and exposes the department to material penalties and regulatory censure in the event that risks are insufficiently managed or mitigated.”


The latest announced start date for the launch of the programme is the 14th September 2020, with the contract hoping to be completed by 31 December this year.

The office currently has the Personal Information Charter in place, designed to, “set the standard you can expect from the Cabinet Office when we collect, hold or use your personal information.”

Data will be held for a variety of reasons, including for correspondence between you and the government, and to inform individuals, or seek their views, about departmental policies or proposals.

The office says the newly announced programme is aiming to improve on the “capture, storage, management of personal and non-personal data”.

David Paul

Staff Writer, DIGIT

Latest News

%d bloggers like this: