Labour Party Risks £15m Fine For Not protecting Members' Data

Uploaded on 2020-02-17 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Law

The British Labour Party has reported some members of one candidates's leadership campaign team to the Information Commissioner regulator , accusing them of hacking into the party's membership database. 

Sources close to Labour leadership frontrunner Sir Keir Starmer have claimed dirty tricks by party insiders, after members of his team were reported to the Information Commissioner over an alleged breach of data protection rules. Sources claim that the supposed breach had in fact arisen as a result of Starmer officials checking out an allegation that one of the other candiates, Rebecca Long Bailey, may have broken the rules.

Two members of the shadow Brexit secretary’s team are understood to have been accused of hacking into the party’s membership database. These allegations were made against two members of Sir Keir's team and one of them is his compliance official. Starmer's team have said that these claims were "utter nonsense". However, the allegations are serious, and the confrontation has engulfed the campaign in bitter recrimination.

The Information Commissioner's Office (ICO) is the UK's independent body set up to uphold information rights and enforce data protection legislation. The watchdog has the power to fine any organisation found to have misused data in any way.
The ICO has confirmed it had received a report of a membership database breach, and would make inquiries.

The Labour Aprty General Secretary has made a formal referral to the Information Commissioner's Office over an alleged breach of data protection rules by members of the frontrunner's campaign team.The Labour Party could be fined up to £15m for failing to protect members' data. 

It was seen by allies of Sir Keir as an attempt to undermine his campaign, however, the move could backfire after the ICO confirmed the Labour Party itself would be the focus of any investigation, since it is legally responsible for securing members' information as the "data controller".

The potential fines for data protection failings have significantly increased as a result of changes to the Data Protection Act last year, which enacted the European General Data Protection Regulations (GDPR) in UK law.

Although there are a range of sanctions the ICO is able to issue for data protection failures, the maximum fine the party could face if it were found to have failed to secure the data could be more than £15m. The regulations stipulate that infringements of the principles for processing personal data are subject to the highest tier of GDPR administrative fines, which are set at the equivalent of €20m, or 4% of an organisation's total worldwide annual turnover if that is higher.

The allegation reported to the ICO suggested two members of Sir Keir's leadership campaign staff may have improperly accessed membership data via the "Dialogue" database. It is understood the Starmer campaign was attempting to demonstrate Ms Long-Bailey's campaign had breached rules by sharing a link to the Dialogue database with her supporters, a claim her team denies. The ICO is making enquiries into the issue following the referral from the Labour Party but has not yet confirmed whether a full investigation is to be launched.

in 2019 the ICO issued a record fine of £183m to British Airways for failing to sufficiently protect personal data, saying poor security arrangements had allowed passenger login, payment card, address and booking information to be compromised.
Ahead of the general election the ICO published guidelines for political parties setting out their responsibilities for handling data. 

It is understood all the eligible Labour Pary leadership candidates are required to guarantee that campaign information, including confidential data about supporters, will be stored securely and processed lawfully before it is given to them. 

Labour officials told two members of Starmer’s team that the Information Commissioner’s Office had been alerted about claims that staffers had “data-scraped”, effectively hacked, information from the party membership system. The Starmer campaign team says the inquiry began only after it alerted Labour to a potential data breach included in an email sent by Long-Bailey’s team to her supporters.

Sky News:      BBC:      Independent:        Guardian:     Image: tripod

You Might Also Read: 

Iowa Election App Vulnerable To Hackers:

 

 

 


 

« It Was The Chinese Army That Hacked Equifax
The Human Effect On AI Security »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Sucuri

Sucuri

Sucuri have offered holistic website security solutions since 2008 including malware removal, malware monitoring and website protection services.

ASU Online - Information Technology Program

ASU Online - Information Technology Program

The Information Technology program at ASU Online provides you with the expertise to design, select, implement and administer computer-based information solutions.

TitanHQ

TitanHQ

TitanHQ offers ultimate protection from internet based threats and powerful Web filtering functionalities to SMBs, Service Providers and Education sectors around the World.

SMiD Cloud

SMiD Cloud

SMiD encryption technology has been developed following the highest security practices to allow the data availability, integrity and confidentiality.

MedCrypt

MedCrypt

MedCrypt are a team of medical device experts focused on bringing modern cybersecurity features to the next generation of healthcare technology.

Redborder

Redborder

Redborder is an Open Source network visibility, data analytics, and cybersecurity Big Data solution that is scalable up to the needs of enterprise networks and service providers.

Ledger

Ledger

Ledger is a leader in security and infrastructure solutions for cryptocurrencies and blockchain applications using its proprietary technology.

Veracity Industrial Networks

Veracity Industrial Networks

Veracity provides an innovative industrial network platform that improves the reliability, efficiency, and security of industrial networks and devices.

LUCY Security

LUCY Security

LUCY is the answer when you want to increase your IT security, maintain your cyber security awareness, or test your IT defenses.

Hack The Box

Hack The Box

Hack The Box is an online platform allowing you to test your penetration testing skills and exchange ideas and methodologies with thousands of people in the security field.

Guardian Data Destruction

Guardian Data Destruction

Guardian Data Destruction provides a comprehensive suite of onsite e-data destruction services.

MetaWeb Ventures

MetaWeb Ventures

MetaWeb Ventures is a global venture capital firm focused on pre-seed and seed investments in crypto start-ups.

ECIT

ECIT

ECIT is your preferred provider of finance and IT services. We believe in the value of combining financial and IT services to streamline and improve the operation of your business.

Zenzero

Zenzero

Zenzero simplifies technology adoption and supports our customers through managed and outsourced IT support.

Redefine

Redefine

Redefine are Crypto-Native, Cyber Experts, and Blockchain Believers. We are here to make Web3 anti-fragile, safe and accessible to all.

Zanutix Consulting

Zanutix Consulting

Zanutix specialize in a wide range of services including Network Design and Implementation, Data Management, Cloud Solutions, Software Development and Cybersecurity.