According to the documents released by the UK data regulator, the Ministry of Defense was warned to not share the information on the tab hidden from the Afghan data leaks.
Last month it was revealed that the details of about 19,000 people who applied to visit the UK were leaked when an officer emailed a spreadsheet with a hidden tab with information.
The documents issued by the Information Commissioner’s Office (ICO) also reveal that the employees there expressed concern about why the body has not fined the modes.
MOD said he had worked to improve data security, but a spokesman for ICO said that the government has not yet done enough to learn lessons.
According to an ICO memo, guidance in place at the time of leakage revealed that “MOD was aware of the risks and clearly referred to the need to remove the data hidden from the dataset”.
Hidden tab spreadsheet software has a common feature and makes the information invisible for the user, but still easily accessible if the settings on a document change.
The government estimates that the 2022 leaks, due to which the Taliban had an emergency rehabilitation plan for people at risk of harassment, would eventually cost around £ 850m.
In September 2023, a super-appointer given by the High Court stopped the incident before reporting for almost two years The order was removed last month,
Shortly after knowing about data breech in 2023, he informed the UK data regulator, ICO. Both bodies held several secret meetings in the next two years and documents published by the regulator revealed that some were discussed.
They say that government officials have described leakage as the possibility of “the most expensive email ever” being, and the internal email also explains that ICO employees expressed concern about why the body had not chosen to investigate the MOD independently or issue a fine.
Data violations by public bodies should be legally informed to ICO, which can then decide to investigate and fix the responsible organization.
ICO employees discussed the potential “reputed risk” for the regulator after not taking action against MOD, despite issuing a fine of £ 350K for very small Afghan data violations in 2023.
In an email sent in the afternoon before the leak became public, an ICO staff member said that his justification for not fining the government was still “incomplete answer”.
The documents were published earlier this month after the freedom of information request by ICO which was not presented by the BBC.
Written notes were forbidden during secret meetings, but only an ICO memo expanding the entire time was prepared after the incident went public last month.
Memo says that MOD “took intensive measures to recover and remove data from all identified sources” and “limit loss of control” after discovery of violations.
In a private email discussion, an ICO staff member questioned that “it was taking so much time to decide whether to investigate” and said “If I was a journalist, I asks why it took two years to take action or not.
Another said that ICO played an “important role”, but said “the reality is that we are only able to review the information in CITU and have been dependent on the mod to gather evidence under our guidance”.
Documents suggest that ICO eventually decided against the approval of MOD as it “did not want to apply additional cost to the taxpayer”.
Last week, BBC News revealed that 49 were different data violations In the last four years, in the Unit to handle rehabilitation applications from Afghans seeking security in the UK.
A spokesman from the ICO stated that “he clearly focused on ensuring that the causes of the violations were identified, improved and learned lessons”.
He said that the government had “not yet enough to achieve the speed of necessary changes” and said that he had “asked for assurance that necessary reforms are being made and the standards are being raised”.
An MOD spokesperson said that the government has worked to “improve data security in the department through better software, training and data experts”.
He said: “We have worked hand in hand with ICO during an internal investigation and have fully accepted all recommendations for not re -having an uniform event.”
