Post Office Leaks Details of Wrongfully Convicted Operators; Urgent Investigation Launched

An urgent investigation into a recent data breach involving Post Office leaks has been launched. The breach exposed the private details of 555 sub-postmasters on the public corporation’s website. Below, we examine the events surrounding the incident, the growing concern over data breaches, and the measures employers can take to mitigate them.

If you have any questions or issues concerning employment law, please don’t hesitate to get in touch with us. Redmans Solicitors have years of experience in the sector and can provide specialist advice. After a brief consultation, we can discuss the best way for you to proceed.

To begin:

Post Office Leaks Discovered: Data Breach Investigation Launched

In 2019, the Post Office faced a lawsuit in the High Court that resulted in many operators being exonerated for wrongful convictions, including theft and fraud. This, of course, concerned the defective Horizon IT software. 

Unfortunately, it has recently been revealed that the public corporation has had information leaked onto their website. The Post Office leaks include the names and addresses of 555 individuals involved in the 2019 lawsuit.

Upon learning of this discovery, the Post Office removed the information published on their website. They also referred themselves to the Information Commissioners Office (ICO), the UK’s data protection watchdog. Subsequently, the ICO stated, “Post Office Limited have made us aware of an incident and we are assessing the information provided”.

Human Error in Data Breach Security

According to the ICO, data breaches are becoming increasingly frequent. Between 2019 and 2023, governmental financial data breaches surged by an alarming 8000%.

But that’s not all. The Post Office leaks, attributed to human error, highlight a broader issue. In 2023, the ICO reported that 78% of the 2,172 reported breaches were due to non-cyber influences, typically human error.

Common causes of these incidents include inadvertently sending emails containing personal data to the wrong recipient and neglecting to use blind carbon copy (BCC), thereby exposing email addresses to multiple recipients in mass emails.

Even seemingly minor incidents can have significant financial repercussions. The average cost of a data breach in the UK rose by 8.1% last year, bringing the total to £4.56 million.

Inadequate Data Protection Highlighted By Post Office Leaks

Considering the significant damage caused by data breaches like the Post Office leaks, one might assume employers are actively addressing the issue. Surprisingly, this is not the case.

Awareness of data protection schemes like Cyber Essentials remains limited, with only 14% of businesses and 15% of charities acknowledging their existence. Furthermore, many entities fail to report data breaches; only 34% of businesses and 37% of charities do so. Even when breaches are reported, the information often stays within their IT departments and is not escalated further. Clearly, employers need to take more proactive measures to address the growing data breach problem.

Strategies to Enhance Data Security Practices

First, given that a significant number of incidents stem from human error, it is evident that employee training is imperative. This training should encompass several critical areas, including:

  • Common Mistakes – From falling victim to phishing scams to overlooking the BCC feature, individuals should be educated about prevalent errors that contribute to breaches. While accidents can still happen, raising awareness about these common pitfalls could help decrease their occurrence.
  • Data Handling – Another straightforward approach to reducing frequent breaches is training staff in proper data handling. Maintaining clear desks prevents unauthorised access, while regularly updating client contact information stops inadvertent disclosures of personal data to incorrect recipients.
  • Reporting a Breach – Occasionally, individuals hesitate to report a data breach they’ve caused, fearing repercussions. However, failing to report can exacerbate the situation more than the incident itself if promptly reported and resolved. Therefore, fostering a culture where employees feel safe to report mistakes is crucial for minimising damage.

Another essential measure employers mustn’t overlook is a comprehensive data protection policy. This should reinforce the elements covered in training, such as maintaining a clear desk and how to handle data when working remotely. It should also provide clear answers to common questions and outline the procedures to follow during a data leak.

Also, while protecting personal data may seem obvious, it is often overlooked. Therefore, it is crucial to ensure that protection measures are appropriate and effective. This could be as simple as locking sensitive documents in a cabinet or as advanced as investing in antivirus software and encryption technologies.

Finally, not everyone in every role needs access to everything. Employers can significantly reduce the risk of unnecessarily exposing sensitive information by restricting access so that staff only have the personal data necessary to complete their duties. This, in turn, can help prevent accidental data leaks.

Have any Employment Law Questions?

We hope this article on the Post Office leaks has been insightful. If you have any questions regarding employment law, please contact Redmans Solicitors. As specialists in the field, we can offer expert advice after a brief consultation.

Get in touch with us now to find out more by: