When data security is a matter of life and death

Most organisations think about data security in terms of fines, downtime, or reputational harm. For some people, though, a breach isn’t just costly - it’s dangerous.

In the UK, a Ministry of Defence error exposed identities and contact details of Afghans linked to British operations. Many of those individuals were still living under Taliban control. Publishing their names, roles, and phone numbers didn’t just “violate privacy.” It could have put targets on their backs. The government scrambled to warn people, move families, and lock down processes. Parliamentary questions followed; costs ballooned; trust eroded.

That incident is a stark reminder: data isn’t abstract. It maps to human beings. And in some sectors - defence, humanitarian aid, healthcare, whistleblowing, domestic violence services - security failures can literally become life-and-death events.

This post breaks down how such breaches happen, and why “good intentions + spreadsheets” isn’t a safety strategy:

The chain of failure

It’s rarely one glitch. High-stakes breaches usually involve several mundane problems lining up:

  • Over-collection & centralisation
    Too many fields gathered “just in case,” stored in a single place. One mistake now has systemic blast radius.
  • Unstructured workflows
    Staff export CSVs, email attachments, and copy-paste lists because the “official system” is slow or unclear.
  • Weak sharing controls
    Open mailing lists, permissive Google/M365 links, or misconfigured access groups make it easy to overshare.
  • No contextual guardrails
    Systems don’t know that this dataset is sensitive or that these recipients are outside the risk boundary.
  • Lack of detection & response
    If something is sent to the wrong person, there’s no automated containment.
  • Secrecy over governance
    When incidents are hushed rather than managed, lessons don’t propagate and the same risks persist.

Necessary precautions

If the data you hold could endanger individuals - whether employees, informants, patients, or refugees - then security must be designed around people, not just compliance checklists. That means:

  • Minimising what you collect, how long you keep it, and where it lives.
  • Compartmentalising by default, limiting who can ever see sensitive attributes.
  • Instrumenting every movement of sensitive data with auditability and real-time controls.
  • Automating protection so safety never depends on one person remembering the right checkbox.
  • Practising incident “muscle memory”: simulate, detect, contain, notify, and learn.
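
The "no contextual guardrails" failure and the "automating protection" precaution above can be made concrete as a pre-send check that holds any outbound mail whose CSV attachment carries sensitive columns to recipients outside the risk boundary. This Python code is an added example, not from the original post or from dataXchange; the column names, the trusted domain and the sample message are constructed assumptions.

```python
import csv
import io
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import getaddresses

# Assumed for this example, not taken from the post: field names and domains.
SENSITIVE_COLUMNS = {"name", "phone", "role"}
TRUSTED_DOMAINS = {"agency.example"}  # the "risk boundary"

def scan_csv(csv_text):
    """Return (sensitive column names, data-row count) for a CSV export."""
    rows = [r for r in csv.reader(io.StringIO(csv_text)) if r]
    if not rows:
        return [], 0
    header = {h.strip().lower() for h in rows[0]}
    return sorted(header & SENSITIVE_COLUMNS), len(rows) - 1

def evaluate(raw_message):
    """Hold an outbound mail if a sensitive CSV would leave the boundary."""
    msg = message_from_string(raw_message, policy=policy.default)
    headers = [str(h) for f in ("To", "Cc", "Bcc") for h in msg.get_all(f, [])]
    # An address without a recognised domain counts as external (fail closed).
    external = sorted(addr for _, addr in getaddresses(headers)
                      if addr.rsplit("@", 1)[-1].lower() not in TRUSTED_DOMAINS)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if part.get_content_type() != "text/csv" and not name.lower().endswith(".csv"):
            continue
        body = part.get_content()
        if isinstance(body, bytes):  # e.g. a .csv sent as application/octet-stream
            body = body.decode("utf-8", "replace")
        columns, row_count = scan_csv(body)
        if columns and external:
            findings.append({"file": name, "columns": columns, "rows": row_count})
    return {"action": "hold" if findings else "release",
            "external": external, "findings": findings}

def sample_message(recipients):
    """Constructed test message carrying a constructed three-column export."""
    msg = EmailMessage()
    msg["From"] = "caseworker@agency.example"
    msg["To"] = ", ".join(recipients)
    msg.set_content("List attached.")
    msg.add_attachment("Name,Phone,Role\nExample Person,0000,example-role\n",
                       subtype="csv", filename="export.csv")
    return msg.as_string()
```

The decision depends only on the message itself, so it can run at the mail gateway without relying on the sender to label the file.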

By John Noble, Director at dataXchange

At dataXchange, I focus on harnessing the power of data integrity and security to create seamless file transfer experiences for our users. With a background in data-driven marketing, I understand the critical importance of fast, reliable, and secure data movement – and that’s exactly what dataXchange delivers.

Oct 2, 2025