Labour Party Risks £15m Fine For Not protecting Members' Data

Uploaded on 2020-02-17 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Law

The British Labour Party has reported some members of one candidates's leadership campaign team to the Information Commissioner regulator , accusing them of hacking into the party's membership database. 

Sources close to Labour leadership frontrunner Sir Keir Starmer have claimed dirty tricks by party insiders, after members of his team were reported to the Information Commissioner over an alleged breach of data protection rules. Sources claim that the supposed breach had in fact arisen as a result of Starmer officials checking out an allegation that one of the other candiates, Rebecca Long Bailey, may have broken the rules.

Two members of the shadow Brexit secretary’s team are understood to have been accused of hacking into the party’s membership database. These allegations were made against two members of Sir Keir's team and one of them is his compliance official. Starmer's team have said that these claims were "utter nonsense". However, the allegations are serious, and the confrontation has engulfed the campaign in bitter recrimination.

The Information Commissioner's Office (ICO) is the UK's independent body set up to uphold information rights and enforce data protection legislation. The watchdog has the power to fine any organisation found to have misused data in any way.
The ICO has confirmed it had received a report of a membership database breach, and would make inquiries.

The Labour Aprty General Secretary has made a formal referral to the Information Commissioner's Office over an alleged breach of data protection rules by members of the frontrunner's campaign team.The Labour Party could be fined up to £15m for failing to protect members' data. 

It was seen by allies of Sir Keir as an attempt to undermine his campaign, however, the move could backfire after the ICO confirmed the Labour Party itself would be the focus of any investigation, since it is legally responsible for securing members' information as the "data controller".

The potential fines for data protection failings have significantly increased as a result of changes to the Data Protection Act last year, which enacted the European General Data Protection Regulations (GDPR) in UK law.

Although there are a range of sanctions the ICO is able to issue for data protection failures, the maximum fine the party could face if it were found to have failed to secure the data could be more than £15m. The regulations stipulate that infringements of the principles for processing personal data are subject to the highest tier of GDPR administrative fines, which are set at the equivalent of €20m, or 4% of an organisation's total worldwide annual turnover if that is higher.

The allegation reported to the ICO suggested two members of Sir Keir's leadership campaign staff may have improperly accessed membership data via the "Dialogue" database. It is understood the Starmer campaign was attempting to demonstrate Ms Long-Bailey's campaign had breached rules by sharing a link to the Dialogue database with her supporters, a claim her team denies. The ICO is making enquiries into the issue following the referral from the Labour Party but has not yet confirmed whether a full investigation is to be launched.

in 2019 the ICO issued a record fine of £183m to British Airways for failing to sufficiently protect personal data, saying poor security arrangements had allowed passenger login, payment card, address and booking information to be compromised.
Ahead of the general election the ICO published guidelines for political parties setting out their responsibilities for handling data. 

It is understood all the eligible Labour Pary leadership candidates are required to guarantee that campaign information, including confidential data about supporters, will be stored securely and processed lawfully before it is given to them. 

Labour officials told two members of Starmer’s team that the Information Commissioner’s Office had been alerted about claims that staffers had “data-scraped”, effectively hacked, information from the party membership system. The Starmer campaign team says the inquiry began only after it alerted Labour to a potential data breach included in an email sent by Long-Bailey’s team to her supporters.

Sky News:      BBC:      Independent:        Guardian:     Image: tripod

You Might Also Read: 

Iowa Election App Vulnerable To Hackers:

 

 

 


 

« It Was The Chinese Army That Hacked Equifax
The Human Effect On AI Security »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Retail & Hospitality Information Sharing & Analysis Center (RH-ISAC)

Retail & Hospitality Information Sharing & Analysis Center (RH-ISAC)

Retail & Hospitality ISAC operates as a central hub for sharing sector-specific cyber security information and intelligence.

Data Resolve Technologies

Data Resolve Technologies

Data Resolve offer a mechanism through which customers can detect and tackle various kinds of sensitive activities pertaining to data loss and data theft.

Bird & Bird

Bird & Bird

Bird & Bird is an international law firm with a focus on helping organisations being changed by technology and the digital world. Areas of expertise include cyber security.

Checksum Consultancy

Checksum Consultancy

Checksum Consultancy specializes in Information security, Risk management, and IT governance.

Smart Contract Security Alliance

Smart Contract Security Alliance

The Smart Contract Security Alliance supports the blockchain ecosystem by building standards for smart contract security and smart contract audits.

GitGuardian

GitGuardian

Enable developers, ops, security and compliance professionals to enforce security policies across public and private code, and other data sources as well

Plexal

Plexal

Plexal is East London's innovation centre and co-working space. We offer startups flexible memberships, giving them access to office space plus all the benefits and support they need to scale.

Forgepoint Capital

Forgepoint Capital

ForgePoint Capital is a premier venture investor for early stage cybersecurity companies.

Gytpol

Gytpol

Gytpol is a leader in Endpoint Configuration Security (ECS) solutions, providing validation, remediation & securing of IT Policies and IT Infrastructure on-premise and in the cloud.

Eureka Technology Partners

Eureka Technology Partners

Eureka Technology Partners are committed to helping you focus on your business by taking care of your IT infrastructure and data security needs.

TekSek Cyber Security

TekSek Cyber Security

Preparing you for tomorrow's security threats.

Control System Cyber Security Association International (CS2AI)

Control System Cyber Security Association International (CS2AI)

CS2AI is the premier global not for profit workforce development organization supporting professionals of all levels charged with securing control systems.

Terralogic

Terralogic

Terralogic is a software and IT services company, an expert in IoT, Cloud, DevOps, App development and Cybersecurity.

Everfox

Everfox

Everfox (formerly Forcepoint Federal) has been defending the world's most critical data and networks against the most complex cyber threats imaginable for more than 25 years.

Razilio

Razilio

Razilio is a boutique cybersecurity consultancy located in Sydney, Australia and serving the world.

OryxAlign

OryxAlign

OryxAlign offer managed IT and cyber security, cloud and digital transformation, and tailored professional and consulting services.