The Labour Party has started writing back to members who complained about their data being given to Gerard Coyne, who has used it – stupidly, but nobody said he was competent – to contact non-Unite members asking them to vote for him as the union’s General Secretary.
The emails being sent are a study in generic denial and buck-passing. Here’s one:
FW: Labour Data Protection Breach
From: Labour Membership <labourmembership@labour.org.uk>
Date: Thu, Apr 6, 2017 at 10:08 AM
To: [redacted]Dear Kevin
Thank you for contacting us regarding unsolicited communication from Gerard Coyne’s campaign.
We are unable to say how you were contacted by Mr Coyne’s campaign, and suggest you should contact his campaign directly to ask the source of their data they hold on you, and to remove any data they hold on you if you do not wish them to hold it.
The Labour Party is very clear that no data may be shared with any third party or other organisation, and take our obligations under the Data Protection Act very seriously. We have not supplied any Labour Party data to Mr Coyne or anybody else. Labour Party data is held and processed only for the legitimate purpose of running a political party.
Kind Regards
Lee-Ann
Communications Assistant
The Labour Party
“Nothing to do with us, guv. Nothing to see here. Move along. These are not the droids you’re looking for.“
Except there is compelling evidence to conclude that it is simply not true. Three ‘smoking guns’, in fact.
#1 – Beretta 9mm
At least one of the emails sent out by Gerard Coyne went to an email that was uniquely created to receive Owen Smith’s campaign emails for the 2016 leadership contest and never used for any other purpose. At least some of the data Coyne is using came from Smith’s database of Labour members – to which only Smith and his Labour team had access. If anybody else had the data to supply it to Coyne, that simply adds another Data Protection Act (DPA) breach for them to have it in the first place.
#2 – Smith & Wesson 45
After the SKWAWKBOX originally revealed the initial Smith ‘smoking gun’, further information also showed that Labour member data had been leaked from at least two sources. Coyne was also contacting Labour members who had never been in Unite and had never signed up to receive any Owen Smith emails.
Members were affected nationwide, proving that it wasn’t, for example, local member data that had been leaked by, say, a constituency member secretary or even regional HQ.
Again, if Coyne did not receive that data directly from someone at Labour HQ, that simply adds another DPA breach, because someone outside Labour was given it illegally – so Labour ‘data managers’ are at least once guilty and possibly twice.
#3 – 357 Magnum
The matter is already beyond reasonable doubt but this one removes even unreasonable doubt: Gerard Coyne admitted it.
Live, on national radio, to BBC interviewer John Pienaar. Here’s the recording and the transcript of the admission:
In terms of knowing the er, er, arrangement, the use of Labour Party data was something that was agreed, I believe it’s perfectly legitimate and that it was perfectly lawful as well. So it wasn’t a question of it being ‘put a stop to’, it was actually, er, concluded.
Not ‘of the data’. Of ‘the Labour Party data‘.
Bang. Bang. Bang. Now smell the waft of cordite.
Of course, with regard to Labour’s denial, “well, they would say that, wouldn’t they“. They’re hardly going to send out a template email to hundreds or even thousands of members – especially when the breach could bring down a large part of the right-wing apparatus at HQ and on the NEC (National Executive Committee) – saying,
It’s a fair cop, guvnor.
So if you’ve received one of these emails from Labour HQ, forward a copy to the ICO (Information Commissioner’s Office) on casework@ico.org.uk along with a link to this article and a request to formally investigate.
The most damnable thing about all this is that, if a financial penalty is imposed by the ICO, for a criminal breach the fine is unlimited – and the scale of the fine imposed is affected by, among other things, how the offending party behaves once the breach is identified. Here’s what the ICO document “Internal Procedure for Issuing Monetary Penalties” says about it:
So whoever at the head of Labour has decided to take this approach – presumably the buck stops with General Secretary Iain McNicol, even if he hasn’t personally made the call – is recklessly compounding the damage to the Labour Party.
Labour HQ needs to stop it’s Canute-like refusal to acknowledge a breach that is really beyond doubt – and to take a leaf out of Unite’s book by cutting the offender(s) loose to face the consequences personally, so that Labour members do not end up paying for a crime committed against them.
The SKWAWKBOX is provided free of charge but depends on the generosity of its readers to be viable. If you found this information helpful and can afford to, please click here to arrange a one-off or modest monthly donation via PayPal. Thanks for your support so this blog can keep bringing you information the Establishment would prefer you not to know about.
Dear Arthur
Thank you for contacting us regarding unsolicited communication from Gerard Coyne’s campaign.
We are unable to say how you were contacted by Mr Coyne’s campaign, and suggest you should contact his campaign directly to ask the source of their data they hold on you, and to remove any data they hold on you if you do not wish them to hold it.
The Labour Party is very clear that no data may be shared with any third party or other organisation, and take our obligations under the Data Protection Act very seriously. We have not supplied any Labour Party data to Mr Coyne or anybody else. Labour Party data is held and processed only for the legitimate purpose of running a political party.
Kind Regards
Lee-Ann
Communications Assistant
The Labour Party
Seems they’re saying i have to investigate this myself
Here’s what the ICO says
Case Reference Number: RFA0675428
Dear Mr Jordan
Thank you for your correspondence in relation to your concern about the way the Labour Party (‘Labour’) handles personal information.
The Information Commissioner’s Office (the ‘ICO’) is an independent regulatory authority reporting directly to the UK Parliament. The Information Commissioner enforces and oversees the Data Protection Act 1998 (the ‘DPA’).
Our aim is to improve information rights practices. We do this by taking an overview of all concerns that are raised about an organisation with a view to improving its compliance with the DPA.
Please see our website for further information:
https://ico.org.uk/about-the-ico/our-information/service-standards/
Your data protection concern
You are concerned that Labour has shared your personal data with the campaign supporting Gerard Coyne of Unite Union.
It appears that you raised your concern with Labour in the email you also sent to the ICO on 2 April 2017. Before we look at the issue you raise, we expect you to give the organisation the opportunity to consider it first. In order for us to look at Labour’s information rights practices we need you to provide us with its reply.
Once you have received a response from Labour, if you still have concerns about its information rights practices please write to us again, quoting the above reference number and providing us with a copy of its response. We will then consider your concern and decide if we think there is an opportunity to improve Labour’s information rights practice.
If you are responding via email, you can forward your response to our casework@ico.org.uk email address with the above case reference in this format [Ref. RFA…] in the subject line.
Yours sincerely
Phillip Marsh
Lead Case Officer
Information Commissioner’s Office
01625 545 247
Feedback about our service
If you are dissatisfied with the service you have received, or would like to provide us with feedback of any kind, please let me know.
Thanks, Artie – let us know when you get a reply to the forwarded Labour response, please!
Reblogged this on sdbast.
Yes we all know how the DPA is supposed to work so stating the bleeding obvious is a waste of time and does nothing to address the situation. Obvious what’s gone on and the person or persons responsible for it *have* to be found / dealt with, not just brushed inder the carpet!