Overview

• The Cabinet Office released a 2023 information security review, with ministers saying 12 of 14 recommendations are now in place.
• Information Commissioner John Edwards warned that breaches endanger lives and pressed for urgent full implementation, including stronger leadership oversight.
• Dame Chi Onwurah said the review’s secrecy raised accountability concerns and has summoned Pat McFadden and John Edwards to give evidence next month.
• The review examined 11 breaches across departments and found recurring failures involving uncontrolled mass data exports, misdirected emails, and hidden spreadsheet data.
• Context for the urgency includes the 2022 MoD error that exposed details of 18,714 ARAP applicants, later prompting a gag order and a secret ARR relocation programme projected to cost about £850m.