Labour Slammed for Failing to Meet Data Requests on Time: ICO Exposes Party’s Negligence, Fueling Public Outrage and Trust Issues.
Labour failed to respond on time to people’s requests for their data, says ICO
Watchdog investigated after complaints from individuals who had sent subject access requests after 2021 cyberattack
Labour has been criticised by the UK’s data protection watchdog for failing to respond to people who had formally asked the party for what information it held about them.
The backlog mounted after a cyberattack on the party in October 2021, which led to a flood of requests from the public. The party said it had now cleared its backlog.
More than 350 people experienced long delays when they contacted the party with subject access requests – which anyone can use to ask organisations what personal information is being held about them.
The Information Commissioner’s Office (ICO) said the Labour party had been “repeatedly failing” to respond to the request. It received 352 subject access requests (SARs) in November 2022, but 78% did not receive a response within the maximum compulsory time limit of three months and more than half (56%) were delayed by more than a year.
The investigation was prompted by more than 150 complaints to the ICO regarding the handling of SARs between 2021 and 2022.
During its investigation, the ICO said it uncovered a “privacy inbox” that had not been monitored by the Labour party since November 2021. The inbox contained approximately 646 additional SARs and approximately 597 requests for personal information to be deleted. None of the requests had been responded to.
Stephen Bonner, a deputy commissioner at the ICO, said: “Being able to ask an organisation: ‘What information do you hold on me?’ and: ‘How it is being used?’ is a fundamental right, which provides both transparency and accountability. It is vital that organisations do not underestimate the importance of responding to these requests on time.
“The public need to fully trust that a political party will handle their data correctly and respect their information rights.
“We welcome news that the Labour party has now cleared its backlog of SARs and implemented further measures to ensure people receive a prompt response going forward.”
Labour said it was assigning three temporary members of staff to solely tackle the outstanding requests, allocating extra funds and implementing an action plan.
The ICO has issued the party with a formal reprimand and it has had to ensure it still has adequate staffing in place to respond to SARs on time and ensure future compliance with the law.
A Labour spokesperson said: “The Labour party has engaged fully with the ICO and undertaken comprehensive action to improve our processes in response to its findings.”
The party said that as of April 2024, the backlog of subject access requests and erasures had been fully cleared, and it no longer had any active complaints.
Labour HQ was hit by a “cyber incident” in 2021 that meant that a “significant quantity” of members’ and supporters’ data became inaccessible. It was believed to be a ransomware attack, in which hackers demand money to restore access to data that has been seized and encrypted.
The Information Commissioner’s Office (ICO) has criticized the Labour Party for its significant failure to respond to public requests for data in a timely manner. This lapse has sparked considerable outrage and raised serious concerns about the party’s commitment to transparency and accountability. According to the ICO, Labour’s delayed responses not only hindered individuals’ rights to access their own information but also undermined public trust in the party’s handling of sensitive data. The situation highlights broader issues regarding data management and responsiveness in political organizations, emphasizing the need for stringent measures to ensure that such failures do not recur. As Labour faces mounting scrutiny, the incident serves as a stark reminder of the importance of upholding rigorous standards for data protection and customer service.