Labour has come under fire from the UK’s data protection watchdog for failing to respond to individuals who requested information on what data the party held about them. This backlog was exacerbated by a cyberattack in October 2021, causing a flood of requests from the public. More than 350 people experienced delays when submitting subject access requests, with the Information Commissioner’s Office (ICO) finding that the party had been repeatedly failing to respond within the required time frame.
The ICO launched an investigation after receiving over 150 complaints about the handling of subject access requests. They discovered an unmonitored “privacy inbox” containing hundreds of unanswered requests for personal information and deletions. Deputy Commissioner Stephen Bonner emphasized the importance of organizations responding to these requests in a timely manner to uphold transparency and accountability.
Labour has since addressed the backlog by assigning additional staff, allocating funds, and implementing an action plan. The ICO issued a formal reprimand, requiring the party to maintain adequate staffing levels to comply with data protection laws. A Labour spokesperson stated that the backlog had been cleared by April 2024, with no active complaints remaining.
The cyber incident that occurred in 2021 resulted in a significant amount of data becoming inaccessible, leading to suspicions of a ransomware attack. Despite these challenges, Labour has taken steps to improve its data handling processes and ensure timely responses to subject access requests in the future. The party has expressed full cooperation with the ICO and commitment to upholding individuals’ data rights.
Source
Photo credit www.theguardian.com