Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Insider Leaks 1,000-page Dossier on BBC Confidential Sources

The dossier contains the names of confidential BBC sources for a “Panorama” investigation by the broadcaster into the operations of the mayor, Lutfur Rahman
The dossier contains the names of confidential BBC sources for a “Panorama” investigation by the broadcaster into the operations of the mayor, Lutfur Rahman

“We can confirm that there has been a breach of data protection at an independent production company working with the BBC on a Panorama investigation as a result of unauthorized disclosure by a former researcher on the production team, in breach of her obligation of confidentiality,” the BBC said in a statement. “This breach includes material relating to the programme’s confidential sources. Our primary concern is to protect our sources and we are urgently investigating the matter. We have also notified the ICO.”

The dossier contains the names of confidential BBC sources for a “Panorama” investigation by the broadcaster into the operations of the mayor, Lutfur Rahman. The issue has sparked a war of words between the BBC and Rahman, who characterized the leak as a whistleblowing move geared to halt “racist” behavior.

The documentary examined allegations from opponents that Lutfur used public funds for his campaign activities and for personal gain. Lutfur, a Muslim Bangladeshi who is the first person of sub-Continent origin to be elected a mayor in the country, is a polarizing figure and has denied a raft of accusations: Panorama said that he more than doubled funding for Bengali and Somali-run charities and cut funding for others. And according to the Evening Standard, he also has faced allegations of homophobia, links to the Islamic Forum of Europe and has been called out for spending £115,000 in office enhancements while meanwhile cutting public programs. He has denied the allegations.

Lutfur called the profile “racist and Islamophobic,” and accused the BBC of having a political agenda.

“I believe the programme is being used for political campaigning and electioneering purposes just weeks before local and Mayoral elections in May,” his office said in a statement. “A dossier passed to us by a BBC whistleblower has revealed it to be in total breach of the BBC’s editorial guidelines as a public broadcaster.”

The so-called “whistleblower” admitted to printing off the document, which was housed on an online cloud computing platform, saying that she gave it to the mayor to help him combat unfair and slanted coverage. She told the Independent that she was the only person of Bangladeshi origin working on the show, and that “my basic point was that this is damaging to the Bengali community.”

The BBC denied all racial and political motivations in its coverage and “apologized unreservedly” to the compromised sources.

Regardless of which side of the issue one is on, it brings up the very real problem of data security and insider threats.

“In the past six to nine months, we have seen a significant rise in data breaches across all sectors, including the entertainment and media industry,” said Ryan Kalember, information security expert and chief product officer at WatchDox, in a comment to Infosecurity. “It is not enough for companies to just write ‘confidential’ on a file folder, protect a device or implement passwords for data access. Too often, individuals find a way of circumventing these methods as is the case with the BBC/Films of Records former employee who simply accessed and leaked a dossier.”

As Tory MP Philip Davies, a member of the all-party Culture Select Committee, said: “Who is going to trust a BBC investigation in future after such a schoolboy error?”

The best way to control intellectual property and ensure that it remains safe regardless of when and how others access it is to attack the problem at the source – the file itself, according to Kalember.

“Through file-level data security, companies are assured that information is continuously protected, reducing their overall operational risk of lost data, potential lawsuits and involvement in investigations related to data protection law infringements,” he said.

What’s Hot on Infosecurity Magazine?