Watchdog reprimands Labour following data breach

3 months ago 22
Chattythat Icon

The information watchdog has formally reprimanded the Labour Party for failing in its data protection duties following a cyber attack.

More than 150 complaints were made to the Information Commissioner's Office (ICO) about the handling of inquiries about personal data, known as Subject Access Requests (SARs).

An investigation revealed the problem developed in part because an email inbox containing hundreds of requests had not been monitored for 12 months, up to November 2021.

ICO deputy commissioner Stephen Bonner said the ability to request personal data was "a fundamental right", and provided "both transparency and accountability".

"The public need to fully trust that a political party will handle their data correctly and respect their information rights," he said.

"We welcome news that the Labour Party has now cleared its backlog of SARs and implemented further measures to ensure people receive a prompt response going forward."

A cyber attack on the Labour Party in October 2021 led to an increase in requests from the public, which it had an obligation to respond to within one month of receipt.

However, monitoring of a "privacy inbox" related to the attack ended in November the same year, with no response provided to about 646 SARs and 597 requests for the deletion of personal information.

Under data protection law, people have the right to ask an organisation if it is using or storing their personal information and receive a copy of any personal information held.

As of November 2022, the Labour Party had received 352 SARs, but 78% did not receive a response within the time limit of three months, and more than half (56%) were significantly delayed by more than one year.

The ICO reprimanded Labour for failing to comply with its legal obligations and ordered an action plan to deal with the backlog, including hiring sufficient staff.

Since then, the party has assigned three temporary members of staff to handle outstanding requests.

The ICO said the backlog had now been dealt with and Labour had implemented measures to ensure people received a prompt response in the future.

A Labour spokesman said: “The Labour Party has engaged fully with the ICO and undertaken comprehensive action to improve our processes in response to its findings.”

Read Entire Article