Should Matt Hancock have paid attention to warnings from the ICO?  


Former Secretary of State for Health and Social Care, Matt Hancock has found himself in the midst of yet another political scandal. This time relating to the deliberate leak of over 100,000 messages between Mr Hancock and other ministers and officials at the height of the Covid-19 pandemic by journalist Isabel Oakeshott.  

Ms Oakeshott was given the messages to help Mr Hancock write a book detailing his experience of the pandemic. But she subsequently leaked these messages (which have been dubbed #lockdownfiles) to The Telegraph newspaper citing “overwhelming national interest”.  

While Ms Oakeshott admits to breaking a non-disclosure agreement (NDA) by leaking the WhatsApp messages, it is yet to be seen whether she will suffer any legal consequences for doing so. Not least because so-called “confidentiality clauses” cannot be enforced if there is a genuine public interest defence.  

What’s more, the Information Commissioner’s Office (ICO) – which monitors data protection regulation compliance – has already gone on record to say that it will not be taking any action over this data breach.  

A spokesperson for the ICO said: “At this stage we do not see this as a matter for the ICO but there are questions around the conditions on which departing members of government retain and subsequently use official information which need to be considered by organisations such as the Cabinet Office.” 

The ICO has already warned politicians about WhatsApp use

Last year, the regulator reprimanded the Department of Health and Social Care (DHS) for its use of WhatsApp during the Covid-19 pandemic. It also called for a “government review into the systemic risks and areas for improvement around the use of private correspondence channels – including private email, WhatsApp and other similar messaging apps”.  

An investigation by the ICO into the use of these channels by Ministers and officials at the DHSC found that:   

  • There was extensive use of private correspondence channels by Ministers and DHSC staff 
  • The practice was commonly seen across much of the rest of government and predates the pandemic 
  • The DHSC did not have appropriate organisational or technical controls in place to ensure effective security and risk management of private correspondence channels being used.   
  • The use of such channels presented risks to the confidentiality, integrity and accessibility of the data exchanged.  

 The ICO also called for a review of practices, and provided some key recommendations, to ensure improved use of private correspondence channels moving forward. Perhaps Matt Hancock should have paid attention to this warning, although the damage had no doubt already been done.  

In March 2024, our firm changed its name to KP Law. 

Share this article: