Legacy systems limiting adoption of technical solutions to prevent data leaks

Senior UK government officials have informed the Science, Innovation and Technology Committee that legacy IT infrastructure is hampering efforts to implement technical safeguards against sensitive data leaks. The hearing followed an Information Security Review, which recommended that government departments share information directly from sources rather than relying on email. The measures are intended to eliminate human error, such as the Ministry of Defence (MoD) 2022 personal data breach that exposed the identities of thousands of Afghans applying for relocation to the UK.

Ian Murray, Minister for Digital Government and Data, told the Committee that technical solutions preventing staff from attaching documents to emails are essential for driving cultural change. However, while he confirmed these measures would be rolled out where appropriate, the government's chief data officer, Aimee Smith, highlighted significant technical hurdles. Smith explained that many departments and arm's-length bodies still operate on disparate legacy systems where emailing attachments is the only viable method for transferring data.

Smith noted that while modern platforms like Google Workspace and Microsoft 365 enable secure document sharing, cross-departmental sharing remains difficult. This is particularly evident when interacting with external bodies using older equipment. Although the necessary tools for secure sharing exist, Smith emphasised that overcoming the complexity of the current IT estate will require targeted investment and support. 

Training Announcement: Freevacy offers a range of short one-day courses on a range of data-related subjects, including data protection topics such as conducting DPIAs and privacy-by-design, as well as how to use AI tools responsibly, cybersecurity best practices, and information access. The interactive sessions cover basic concepts through to advanced examinations of specific areas. Find out more.