Labour Party Risks £15m Fine For Not protecting Members' Data

Uploaded on 2020-02-17 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Law

The British Labour Party has reported some members of one candidates's leadership campaign team to the Information Commissioner regulator , accusing them of hacking into the party's membership database. 

Sources close to Labour leadership frontrunner Sir Keir Starmer have claimed dirty tricks by party insiders, after members of his team were reported to the Information Commissioner over an alleged breach of data protection rules. Sources claim that the supposed breach had in fact arisen as a result of Starmer officials checking out an allegation that one of the other candiates, Rebecca Long Bailey, may have broken the rules.

Two members of the shadow Brexit secretary’s team are understood to have been accused of hacking into the party’s membership database. These allegations were made against two members of Sir Keir's team and one of them is his compliance official. Starmer's team have said that these claims were "utter nonsense". However, the allegations are serious, and the confrontation has engulfed the campaign in bitter recrimination.

The Information Commissioner's Office (ICO) is the UK's independent body set up to uphold information rights and enforce data protection legislation. The watchdog has the power to fine any organisation found to have misused data in any way.
The ICO has confirmed it had received a report of a membership database breach, and would make inquiries.

The Labour Aprty General Secretary has made a formal referral to the Information Commissioner's Office over an alleged breach of data protection rules by members of the frontrunner's campaign team.The Labour Party could be fined up to £15m for failing to protect members' data. 

It was seen by allies of Sir Keir as an attempt to undermine his campaign, however, the move could backfire after the ICO confirmed the Labour Party itself would be the focus of any investigation, since it is legally responsible for securing members' information as the "data controller".

The potential fines for data protection failings have significantly increased as a result of changes to the Data Protection Act last year, which enacted the European General Data Protection Regulations (GDPR) in UK law.

Although there are a range of sanctions the ICO is able to issue for data protection failures, the maximum fine the party could face if it were found to have failed to secure the data could be more than £15m. The regulations stipulate that infringements of the principles for processing personal data are subject to the highest tier of GDPR administrative fines, which are set at the equivalent of €20m, or 4% of an organisation's total worldwide annual turnover if that is higher.

The allegation reported to the ICO suggested two members of Sir Keir's leadership campaign staff may have improperly accessed membership data via the "Dialogue" database. It is understood the Starmer campaign was attempting to demonstrate Ms Long-Bailey's campaign had breached rules by sharing a link to the Dialogue database with her supporters, a claim her team denies. The ICO is making enquiries into the issue following the referral from the Labour Party but has not yet confirmed whether a full investigation is to be launched.

in 2019 the ICO issued a record fine of £183m to British Airways for failing to sufficiently protect personal data, saying poor security arrangements had allowed passenger login, payment card, address and booking information to be compromised.
Ahead of the general election the ICO published guidelines for political parties setting out their responsibilities for handling data. 

It is understood all the eligible Labour Pary leadership candidates are required to guarantee that campaign information, including confidential data about supporters, will be stored securely and processed lawfully before it is given to them. 

Labour officials told two members of Starmer’s team that the Information Commissioner’s Office had been alerted about claims that staffers had “data-scraped”, effectively hacked, information from the party membership system. The Starmer campaign team says the inquiry began only after it alerted Labour to a potential data breach included in an email sent by Long-Bailey’s team to her supporters.

Sky News:      BBC:      Independent:        Guardian:     Image: tripod

You Might Also Read: 

Iowa Election App Vulnerable To Hackers:

 

 

 


 

« It Was The Chinese Army That Hacked Equifax
The Human Effect On AI Security »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Prosperon Networks

Prosperon Networks

Prosperon Networks support SMB to Enterprise networks through the provisioning of network monitoring software, customisation, consultancy and installation.

Center for a New American Security (CNAS)

Center for a New American Security (CNAS)

CNAS is the nation's leading research institution focused on defense and national security policy. Cyber security issues are an intrinsic element of the national security debate.

ThreatHunter.ai

ThreatHunter.ai

ThreatHunter.ai (formerly Milton Security) is a business that tracks down and mitigates attacks in real time using our ARGOS Platform and our Elite Threat Hunters.

Secure Technology Alliance

Secure Technology Alliance

Secure Technology Alliance is a multi-industry association working to stimulate the adoption and widespread application of secure solutions.

Electric Imp

Electric Imp

Electric Imp offers an innovative and powerful Internet of Things platform that securely connects devices with advanced cloud computing resources.

Me Learning

Me Learning

Me Learning provides engaging, informative and clearly explained learning materials for complex and challenging professional environments in areas including GDPR and Information Governance.

StormWall

StormWall

StormWall is an Anti-DDoS protection service for websites and networks. We offer 100% protection from all types of DDoS attacks and 24/7 technical support.

Information & eGovernment Authority (iGA) - Bahrain

Information & eGovernment Authority (iGA) - Bahrain

The Information & eGovernment Authority facilitates many services catering to different parts of the community within the IT sector in Bahrain including information security.

Privacyware

Privacyware

Privacyware's ThreatSentry combines a state-of-the-art Web Application Firewall and port-level firewall with advanced behavioral filtering to block unwanted IIS traffic and web application threats.

Corellium

Corellium

Corellium are dedicated to supporting our peers in the ARM community who seek to build more secure, performant, and accessible software and devices.

MalwareFox

MalwareFox

MalwareFox is an advanced, yet simple-to-use anti-malware solution for Windows computers. We provide aggressive detection capabilities and an effective malware removal tool to keep your systems safe.

Ankura Consulting Group

Ankura Consulting Group

Ankura is a global expert services and advisory firm that delivers services and end-to-end solutions in a wide range of areas including cybersecurity and digital transformation.

Venticento

Venticento

Venticento is an IT company specialized in consulting and network support and assistance for companies that need to make their business processes more effective.

Secur-Serv

Secur-Serv

Secur-Serv is a security-first managed services provider. We provides Managed IT, Managed Print, Managed Device, and Cybersecurity services to companies of every size.

Early Game Ventures (EGV)

Early Game Ventures (EGV)

Early Game Ventures invests in startups that jumpstart new industries in the emerging markets of Europe.

SecureFlag

SecureFlag

SecureFlag is dedicated to enhancing secure coding across all technical profiles within the Software Development Lifecycle.