Question to the Ministry of Defence:

To ask His Majesty's Government what assessment they have made of the lessons learned from the Afghanistan data loss incident.

The Ministry of Defence (MOD) has commissioned several audits at various times since the data protection incident relating to the Afghan Relocations and Assistance Policy to inform remediation plans. All recommendations from these audits have been accepted and are either complete or work-in-progress.

It is a key priority of this Government to reinforce data handling practices. Within the Defence Afghan Relocation and Resettlement (DARR) team we have introduced a new casework management system which prioritises data protection. We also recently completed a comprehensive review on legacy data held within this casework management system and historic email accounts to ensure information is held at the right security classification and within the right location, which also enhances the case-working capability. This includes the application of need-to-know principles, with shared sites locked down and proactively managed.

A new senior civil servant level Chief Information Officer was appointed within the DARR team in October 2024 with responsibility for a larger and more skilled data and information management team. They produced a data strategy in line with the Government Digital Services’ data maturity assessment and this is shaped by priorities as identified from the myriad internal and external audits.

We regularly emphasise the need to complete the relevant mandatory training across DARR and all current staff have completed it. Bespoke induction training includes security briefings and data protection training, and there are regular communications on protecting information and expected behaviours, including discussions at senior leadership level.

We are continuously investing in our cybersecurity infrastructure to ensure we remain resilient against evolving threats. Through targeted interventions, campaigns, and role-specific training, we are embedding a culture where every individual understands their role in safeguarding Defence. By reinforcing positive cyber habits and reducing human cyber risk, we are building a workforce that is confident, capable, and cyber secure.