Ministry of Defence sees 18 per cent rise in data loss incidents

There were 546 incidents involving personal data in 2019-20

Personal data loss incidents suffered by the UK's Ministry of Defence (MoD) in 2019-20 increased by 18 per cent compared to the previous year.

That is according to official figures from the MoD's annual report [pdf] which covered all security incidents during the period from 1^st April 2019 to 31^st March 2020.

Most of the data breaches suffered by the MoD during the 12-month period pertained to the inadequate storage of devices, electronic equipment and documents, according to think tank Parliament Street.

In total, there were 546 incidents of potential data breaches reported in the financial year 2019-20, compared to 463 in 2018-19.

Forty-nine of the 546 breaches were classified under 'loss of inadequately protected electronic equipment, devices or paper documents from secured government premises' - down 21 per cent from 62 such incidents in 2018-19.

An additional 19 incidents relating to the loss of equipment/devices/documents were reported from outside of government premises - down 10 per cent from 21 in 2018-19.

One data loss incident in 2019-20 occurred due to insecure disposal of inadequately protected paper documents, according to the MoD report. No such incident was report in the previous year.

In addition, there were 454 incidents which were logged under the general category of 'unauthorised disclosure' up 29 per cent from 352 incidents during the previous year.

Seven incidents were reported to the Information Commissioner's Office (ICO) for further analysis.

In one such incident, which happened in July 2019, a sub-contractor improperly disposed of confidential documents, resulting in the unauthorised disclosure of the personnel data of two former employees.

In another incident, which also occurred in July 2019, unauthorised access to patient notes led to disclosure of dental health data of one employee.

Then in August, loss of files identified during archiving process resulted in disclosure of criminal investigation details related to 16 people.

In December 2019, the details of the outcome of disciplinary action was mistakenly revealed to a third party, resulting in unauthorised disclosure of personnel and disciplinary data related to one person.