UK Labour Party Databases Locked Down After Unauthorized Access

2019, Breaches, February

Who: Breakaway MPs accused of making off with Labour Party data without Authorization

# of Records: Undetermined

When it Occurred: February 21, 2019

What Happened: The Labour party learned of a number of attempts to access personal data by individuals who are not, or are no longer, authorized access to that information.

How it Happened: In a possible breach of data protection laws,‚Äč one or more of the Labour MPs that have this week left the party to form The Independent Group had slurped members’ details to take with them for use in future campaigns.

Outcome: The data controller also has responsibilities to make sure data is properly protected, which includes ensuring that people who aren’t entitled to access data are unable to do so. Labour shut off access to Organise (volunteer management and comms tool) and Contact Creator (a tool used to produce materials and monitor campaigns.) It isn’t clear how or when this happened and the person, or people, had already left the Labour Party at the time of the incident. More broadly, the party could also face questions over the number of people with access to its databases. It isn’t clear whether the party has reported the incident to the ICO. When asked, the ICO didn’t confirm either way. The Labour Party did not respond to a request for comment.