The Labour party has come under criticism from the UK’s data protection watchdog for failing to respond to individuals who had requested information about what data the party held on them. After a cyberattack in October 2021, there was a significant backlog of requests, resulting in delays for more than 350 people who had submitted subject access requests. The Information Commissioner’s Office (ICO) found that the party repeatedly failed to respond to these requests promptly.
The ICO received over 150 complaints regarding the handling of subject access requests, prompting an investigation. They discovered a neglected “privacy inbox” containing hundreds of unanswered requests for personal information. The ICO emphasized the importance of organizations responding to these requests within the required time frame to ensure transparency and accountability.
In response to the ICO’s findings, the Labour party assigned temporary staff to address the outstanding requests, allocated additional funds, and implemented an action plan to ensure future compliance with data protection laws. The party has since cleared the backlog of subject access requests and erasures, with no active complaints remaining as of April 2024.
Despite the challenges presented by the cyber incident in 2021, which led to the loss of access to data for members and supporters, the Labour party has taken steps to improve its processes and engage fully with the ICO. The party has been issued a formal reprimand and must maintain adequate staffing levels to respond to subject access requests in a timely manner.
Source
Photo credit www.theguardian.com