Labour has dramatically shut down its confidential voter canvassing system amid claims one of the eight breakaway MPs tried to access party supporters’ personal data.
In a letter to staff and to current and former MPs, general secretary Jennie Formby revealed that in recent days an attempt had been made to access the information by “individuals no longer authorised to do so”.
Labour officials acted swiftly to temporarily close down its ‘Contact Creator’ and ‘Organise’ systems, both of which are used for campaigning between and during elections. Staff were also shut out of access to a database on party members.
A party source told HuffPost UK that one backbench member of The Independent Group (TIG) of MPs was the focus of the security alert action, although former shadow minister Chris Leslie was quick to dismiss the claims.
They form part of a bitter war of words between the defectors and Labour, with Corbyn’s spokesman declaring on Wednesday that the eight MPs were pro-austerity, privatisation and corporate tax cuts.
In her letter, Formby said: “In recent days…the party has become aware of a number of attempts to access personal data held on the party’s systems by individuals who are not, or are no longer, authorised to do so.”
She added that it was vital to maintain a legal duty to protect information under GDPR (the EU’s General Data Protection Regulations) and the 2018 Data Protection Act.
“Much of the data held on our systems tends to reveal individuals’ political opinions and is therefore ‘special category’ data, benefiting from enhanced protection under the legislation,” Formby wrote.
Information on millions of voters is crucial for any new political party, as is any database of potential defectors among party members.
A select group of staff were allowed access to the data on Wednesday, HuffPost understands.
A Labour Party source said: “Only three days into its existence and the Independent Group is already a shambles. They’re refusing to report who their donors are, they’ve registered as a private company to avoid doing so, and now there might be evidence of data theft. They embody everything that’s broken in the politics of the past.”
A party spokesperson said: “We are aware that the Information Commissioner is taking an increasingly serious view of misuse of personal data and requires a data controller to take reasonable and proportionate steps to ensure the security of data held on its systems. The Labour Party takes our data protection obligations extremely seriously.”
But Leslie told HuffPost UK that the claims were without foundation, and said they were an attempt to tarnish the new Independent Group’s reputation.
“We all got a huffy email from Jennie Formby demanding to know by 10am that we’ve not been using data,” he said.
“On our resignation, we obviously stopped using Labour Party facilities including data. Prior to resignation, when you are still a Labour Party member, of course you can use the data that we’ve been familiar with all these years.
“But apparently it’s the data controller who has responsibility to restrict access, so they might have shot themselves in the foot by admitting they did not switch off data on receipt of our resignations.
“The bigger point is the mistake of the Labour Party not recognising with good grace what a difficult decision splitting from the Labour Party represented. They are trying to pick a fight when No.10 didn’t do that with the Conservatives [who quit their party]. These are ad hominem attacks, I’d love to focus on the philosophical differences.”
Formby’s letter in full to the Parliamentary Labour Party of MPs:
As you know, personal data the Party holds about individuals is protected by law, notably by the GDPR and Data Protection Act 2018. That data includes membership records, voter ID and other information generated in the course of our activities. Data held by the Party, including data within Contact Creator and other systems used for election or other campaigning work, may only be accessed by individuals who are authorised to access it, and may be used only for purposes authorised by the Party as data controller. Much of the data held on our systems tends to reveal individuals’ political opinions and is therefore “special category” data, benefiting from enhanced protection under the legislation.
The Party’s elected representatives, at all levels, have a proud record of conscientiously observing their obligations in relation to personal data. In recent days, however, the Party has become aware of a number of attempts to access personal data held on the Party’s systems by individuals who are not, or are no longer, authorised to do so. We are aware that the Information Commissioner is taking an increasingly serious view of misuse of personal data. Anyone accessing, using or otherwise processing data without authority or for an unauthorised purpose is at risk of action by the Commissioner’s Office, whose powers have increased substantially since the 2018 Act became law. The Commissioner also requires a data controller to take reasonable and proportionate steps to ensure the security of data held on its systems, and it is in this context that I am writing to remind you of the importance of strictly observing the requirements of the legislation. The Party will be expected to take action in relation to any breaches or attempted breaches it discovers.
If you have any queries about the requirements of the legislation, or your obligations in relation to personal data held by or obtained from the Party, please do let me know so that I can arrange for appropriate advice and guidance to be provided.