Analysis comment Exclusive News

Exclusive: Labour NEC members not informed which company has breached data – despite potential liability

Despite several requests, no response from Evans on identity of third party company at centre of huge data breach

As Skwawkbox revealed and others have reported, Labour general secretary David Evans has been forced to inform members – and huge numbers of ex-members – of the party that Labour’s decision to outsource their sensitive information to an outside company had resulted in a massive data breach placing their personal information in the hands of criminals.

The breach could result in Labour – and Evans and Keir Starmer personally – liable to huge fines under ‘GDPR’ data protection laws.

But that liability also extends to members of National Executive Committee – including many good left-wingers either elected by party members or appointed by unions to try to counteract the machinations of the right.

Yet Skwawkbox can reveal that despite that potential liability to multimillion pound fines, neither David Evans nor the party have even informed NEC members of the identity of the company involved in the breach – nor of what it was doing with the data of hundreds of thousands of ex-members as well as those who remain in the party.

One NEC member told Skwawkbox:

We have a meeting next week so we might hear something then, but so far not a word.

Labour has known about the data breach since 29 October, more than a week ago, yet has not got round to informing elected officials who might face personal liability if the party is fined – or sued by angry members and ex-members for putting their sensitive information into the hands of criminals. Meanwhile, victims of the breach have been told by the party not to discuss it – an instruction many are ignoring.

SKWAWKBOX needs your help. The site is provided free of charge but depends on the support of its readers to be viable. If you can afford to without hardship, please click here to arrange a one-off or modest monthly donation via PayPal or here to set up a monthly donation via GoCardless (SKWAWKBOX will contact you to confirm the GoCardless amount). Thanks for your solidarity so SKWAWKBOX can keep bringing you information the Establishment would prefer you not to know about.

If you wish to republish this post for non-commercial use, you are welcome to do so – see here for more.

93 comments

  1. If Evans is withholding requests from NEC members who the company is. My request (and other members) to the party to email me with the name of the company they decided to hand over my details to may go unanswered. Seems typical of Evans to ignore anyone who asks difficult questions.

    1. We don’t know whether any sensitive unencrypted data has been compromised yet.

      1. Joe – In which case could you please let us all in on the secret by posting a link to your evidence.

      2. Joe – The Labour Party have published further details about the ‘data incident’

        Blackbaud data breach – The Labour Party

        You may have heard that one of our suppliers, Blackbaud, has suffered a data breach. The Labour Party takes its responsibilities regarding data security very seriously and this notice is intended to provide further information about this situation.
        What happened:
        Blackbaud have notified the Labour Party that they have been the victim of a sophisticated ransomware attack, which occurred sometime between February and May this year. During this time, a backup file containing personal information was stolen by a cybercriminal. It is important to immediately note that no sensitive information, such as bank account information, passwords or usernames, was taken. Blackbaud have also confirmed that they have paid the ransom demanded by the cybercriminal and have received assurances that the data was destroyed as a result.
        Blackbaud have confirmed to us that the following personal data was affected:

        Names
        Email addresses
        Telephone numbers
        Amounts donated to the Labour Party

        We have been assured by Blackbaud that their security experts have fully investigated the attack and are in constant contact with the Information Commissioner’s Office (“ICO”) about the situation.
        Actions the Labour Party has taken
        The Labour Party has launched its own investigation and is working closely with Blackbaud, as well as our Governance, Legal, Data Protection and IT teams to gather more information about the breach. We will take any measures necessary to protect your data and are working to contact individuals we know have been impacted as soon as we can. In line with our data protection obligations, we have also notified the ICO about this breach.

        What you need to do
        While there is no action you need to take at this time, if you do become aware of any suspicious activity or suspected identity theft, you should notify the proper law enforcement authorities.
        If you have any questions in relation to this notice, you can call 0345 092 2299.
        We very much regret the concern or inconvenience caused as a result of this news. We will be in direct contact with individuals specifically impacted by the breach in the coming days.
        https://labour.org.uk/privacy-policy/blackbaud-data-breach/

      3. Joe – It turns out that this page was actually published on 6 Aug 2020 and therefore must refer to an earlier breach.

      4. From what people have said, those who have received the email have been advised to check their bank transactions to see if any suspicious activity has occurred. I suspect that those whose data has been stolen have reason to be concerned.
        “We don’t know whether any sensitive unencrypted data has been compromised yet.” – precisely.
        The GS should be giving everyone who has been sent the email full details of what data has been accessed, who had charge of the data and why people are being advised to check their bank records.
        The only other option for him is to assure people that no sensitive data has been compromised.
        Instead of doing either of these two things, he has gone completely silent.

      5. How comforting of you to assure me that we don’t know if any unencrypted data has been compromised yet.

        For me it’s not the point. I don’t expect to join a group where my information as been transferred to an unknown third party.

        Never mind I’m sure, if needed you’ll contribute to the party when they ask you to help them out.

      6. Backof Beyond – I doubt there will be a need to, frequently organisations quite legitimately entrust third parties with data. eg for a mail shot or to run an internal party ballot. There is provision for the management of this relationship within the Act.

      7. “We don’t know whether any sensitive unencrypted data has been compromised yet.”

        Yes, we don’t know what data is breached, we don’t know which company had been trusted with the data that was breached, we don’t know how it was breached, we don’t know what the breach was, we don’t know what it means to the lifeforms about whom or by whom the data was created (who, legally, are the ‘owners’ of said data), or whether the breach actually happened as claimed by the General Secretary of the Labour party. For all we know, Evans might have sold our data to a highest bidder.

        I hope the NEC is demanding answers from Evans, the General Sec who outsourced the unknown data to the unknown company, on all of the above, and that they have the courage to sack him when they realise how badly he is performing as General Secretary. And if they do, Starmer wil be a dead dead-man walking.

      8. I suspect that the left wing socialist members are basically the target and were given or sold to a Third party who could be almost anybody connected to the knights shadowy past association with security services and Terror gangs working in partnership with British crown forces in Ireland….The possibilities are endless of who has ended up with this list.ITs not just Corbyn thats been classified and marketed as “enemys of the state” …..?

      9. Come on SteveH, wake up and smell the coffee !!True we don’t know for certain what data has been compromised, However, I will argue that NO data should have been compromised at all and the FACT is that it has.

      10. Goldbach: in my email, no mention of checking for transactions. I’m an ex member though. So we can assume that they didn’t retain my banks details (encouraging). On the other hand, they told me to be careful with suspicious looking emails, calls and text messages. So, again, we can assume contact details were leaked. Now, I mentioned earlier that it’s fair enough for the party to retain this kind of info.

        BUT the danger is if this info is leaked and lands into the hands of an Anders Breivik type loony. At a time of mounting right wing extremism, this put members / ex members at physical risk.

        Or, given the widely known practice of blacklisting trade unionists from the building industry (yes, Google it), if membership info is sold to employers, this could seriously ruin careers… Like young people mysteriously never getting invited for interview despite being fully qualified…

        Personally, I think it is fair for the party to keep info so they can run this thing properly.

        But this breach is extremely concerning. The party must be transparent, reveal which company it was, what info was compromised and justify why they used this third party instead of keeping it into their servers.

        There would be a tremendous difference between a cloud storage service targeted for ransom unknowingly of where the data were from and a targeted attack on party data. So far, we don’t know which is which.

      11. We do know the Labour Party still has my personal information even though I left years ago. It did not contact me during the 2019 general election, I was not expelled for antisemitism etc, nor the subject of any disciplinary enquiry, so WHY does it STILL retain my personal data??? (Data which I explicitly asked them to delete in my resignation letter.)

        That is a breach of GDPR, even before the ransomware attack, or whatever happened.

      12. Dave – I suggest that you plough through the ICO’s (particularly as it relates to political parties) along with Labour’s rule book and the three documents linked to at the end of each page on https://labour.org.uk. I think you will find that whatever residual info Labour hold on you can be justified under the Act.

    2. Not only will Evans not name a ‘third party’ supplier of data management breach, said third party will not be liable for any penalty charges that are levied at Evans on behalf of the Labour party – unless, of course, Evans anticipated the possibility of this happening and contractually levied the transfer of penalties to the supplier. Somehow I don’t think that’s likely.

      Bad managers are as bad managers do.

      1. qwertboi – The ICO appears to disagree with you. They include the following in their discussion on the specific liabilities of ‘processors’ (the third party).

        What are your responsibilities as a processor?
        Processors have less autonomy and independence over the data they process, but they do have several direct legal obligations under the UK GDPR and are subject to regulation by supervisory authorities. If you are a processor, you have the following obligations.
        •Controller’s instructions: you can only process the personal data on instructions from a controller (unless otherwise required by law). If you act outside your instructions or process for your own purposes, you will step outside your role as a processor and become a controller for that processing.
        •Processor contracts: you must enter into a binding contract with the controller. This must contain a number of compulsory provisions, and you must comply with your obligations as a processor under the contract. For more information please read our guidance on contracts.
        •Sub-processors: you must not engage another processor (ie a sub-processor) without the controller’s prior specific or general written authorisation. If authorisation is given, you must put in place a contract with the sub-processor with terms that offer an equivalent level of protection for the personal data as those in the contract between you and the controller.
        •Security: you must implement appropriate technical and organisational measures to ensure the security of personal data, including protecting against accidental or unlawful destruction or loss, alteration, unauthorised disclosure or access. For more information please read our guidance on security.
        •Notification of personal data breaches: if you become aware of a personal data breach, you must notify the relevant controller without undue delay. Most controllers will expect to be notified immediately, and may contractually require this, as they only have a limited time in which to notify the supervisory authority (such as the ICO). You must also assist the controller in complying with its obligations regarding personal data breaches. For more information please read our guidance on personal data breaches.
        •Notification of potential data protection infringements: you must notify the controller immediately if any of their instructions would lead to a breach of the UK GDPR or local data protection laws.
        •Accountability obligations: you must comply with certain UK GDPR accountability obligations, such as maintaining records and appointing a data protection officer. For more information please read our guidance on accountability and governance.
        •International transfers: the UK GDPR’s prohibition on transferring personal data equally to processors as it does to controllers. This means you must ensure that any transfer outside the UK is authorised by the controller and complies with the UK GDPR’s transfer provisions. For more information please read our guidance on international transfers.
        •Co-operation with supervisory authorities: you are also obliged to cooperate with supervisory authorities (such as the ICO) to help them perform their duties.

        Can a processor be held liable for non-compliance?
        Yes. You will be subject to the relevant investigative and corrective powers of a supervisory authority (such as the ICO) and may be subject to administrative fines or other penalties.
        y.

        https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/controllers-and-processors/what-does-it-mean-if-you-are-a-processor/#1

      2. If the data breach is not that serious, I wonder why the

        National Crime Agency (NCA),
        National Cyber Security Centre (NCSC)
        and the Information Commissioner’s Office (ICO) have all been brought into the investigation?

        According to my email it says “including”. The implication is other agencies might be involved?

        Meanwhile in the mushroom compost, those affected are left with next to no information or explanation.

      3. Nemtona – Because as ‘data controllers’ they have a legal obligation to report it

    3. Steve H “Organisations are frequently entrusted with outside data” This is organised crime and dont insult our intelligence with stupid comments any further.Mr Steve H,davidh centrist Dad and a whole lot more of deceit.Your bloody boss is a disorganised crook and so is Evans and the of the Kangaroo court NEC that have again been in the thick of it when it comes to criminal behaviour and scams.You ask former members many thrown out of the party and labeled racists AS and denied even the basics of justice?
      to trust scum Evans,Starmer and the NEC…..Well sorry that waent with Corbyn and now we need a day of reckoning served hot or cold but revenge for past crimes you will pay for.and I will pursue this with vigour knowing that this is the last chance to get even.

      1. Joseph: “Your bloody boss is a disorganised crook and so is Evans…..”

        It’s just as likely that Evans (or an unknown, anonymous Billionaire*) is the boss – and Sir Keir Rodney is just the PLP-frontsman who satisfies Labour party rules. My goodness, it is even possible that Assaf Kaplan is the boss (which would explain why the ‘new management’ is so vehemently aggressive towards party members who see Israel and its apartheid system as abhorrent and imperialist)

        * It could even be Jeffrey Epstein, who might not be quite as dead as some have claimed

  2. Does anybody have a clue about who the criminals are? Some inspired guesses might start a process of elimination. It can’t just be left hanging in mid air. In an ideal world Evans would tell us what happened. Fat chance of that but how can he sit on the secret for much longer?

    1. The last breech was a ransomware attack and the third party company paid the ransom. There is a good chance this is a similar attack.

      1. Thanks. So the 3rd Party is likely to be lawyers and the criminals from maybe America or Russia? Must cost a lot!

      2. So let’s get this right.

        A ransom has been paid as a result of a previous criminal theft of data and the hope is being both expressed and implied that:

        1. This will be the case on this occasion?

        2. The criminal responsible for this criminal act, having been paid a ransom, will act honourably and responsibly by returning or destroying the data and will not even consider the notion of replicating it in order doubling their ill gotton gains by surreptitiously flogging the data to another party?

        Yeah! Right! Okay Steveh. We’re all really convinced with this naive Jackanory bullshit you are trying to flog. Honest we are!

    2. Paul you don’t have to look too far when the suspects are in your face and have “form” .No doubt LFI Ryan Watson and the whole bunch have been into the Labour party “Server” and really a police investigation is needed amongst the raft of criminals inside the heart of the Labour party.I am expecting a Slow burner on this but no doubt HQ will leak like a seive as bankruptcy nears its final stages.

      1. ‘Getting your excuses in early.”

        Can’t think why but the words ‘kettle’ and ‘pot’ keep springing to mind.

  3. Yes as a genuine left wing democratic socialist I proudly left Neo-Liberal Capitalist Boot Licking Right Wing Labour ten seconds after Political Lightweight Mr S got elected.
    And I got the email apology so they broke GDPR rules and they misused my personal information so should face massive, huge fines!
    I replied saying perhaps you should focus on sorting your systems out instead of focussing on attacking socialist Labour members.
    Karma.

    1. Depends. Seems the T&Cs mentions that some info is retained after members left, up to 15 years. I think it would be justified to keep basic info such as name and contact details just in case one wants to join back eventually. In the case of suspension/disciplinary procedures, I can see the logic to retain some info (assuming the disciplinary process is fair and open) to avoid having expelled member (assuming again good faith in the system that it was justified) to just cancel their membership and then join again. And then of course, you can expect minutes of meetings on which your name might appear to be kept indefinitely.

      Anything more than that though would be harder to justify.

      1. Ben Lapointe,

        The Labour party have an extensive privacy policy that even covers collection and retention of social media data. They appear to want to own your thoughts and actions and reserve the right to keep any data they think fit, for as long as they like. I find this very sinister.

        It seems unlikely that long serving members would have signed up to some of these terms. Social media for instance is relatively new and was unheard of when I first joined Labour in the early 1990’s. Did the party write and inform members of any changes to the Ts & Cs? I wonder when the privicy policy was updated and for what purpose?

        A member I know who left the party in May 2021 was unaware of this policy and cannot remember being contacted regarding any changes. I suspect many other members will also be unaware of this.

        https://labour.org.uk/privacy-policy/members/

      2. Steve H At last “The voice of” The reason “the Labour party think that they can do whatever they wish to raise money to save the Labour party from bankruptcy…..My lawyers are on the case from day one of the Infamous email.sent to me and hundreds of thousands of former problem members for the Labour party….!Very few are Gullible” and this will not go away .

      3. Joseph – Please keep us all informed about your case’s progress.

      4. Nemtona, thanks for the link.

        My view was just to point that, in an ideal world, *some* data retention about past members after they left is fair and justified. Social media posting and history, beyond the process of an investigation or a disciplinary hearing, would be, in my humble opinion, abusive.

  4. The NEC is the governing body of the party between conferences and represents the Labour Party as Evans’s employer. It is not good enough for an NEC member to say there is a meeting next week at which the NEC might hear something. All NEC members irrespective of their political affiliations should be insisting that Evans their paid employee puts them the picture completely at that meeting.
    Requests for information should be made to him formally , recorded in the minutes and and subject to a recorded vote for future reference. Each individual whose data has been compromised should also be given the full information and the same process used by the NEC for requesting disclosure to the membership. Failure to supply the information requested should result in disciplinary action.
    I have used the word “should” several times because that it what would happen in a normal workplace or organisation where a serious data breach occurred. However we are talking about Starmer’s Labour here so normal rules of conduct do not apply and there is every chance the whole thing will be hushed up. Furthermore anybody who dares to speak out about this appalling situation will probably be expelled for “antisemitism” the convenient catch all for getting rid of dissenting voices

    1. They the Labour party have been suspending socialists and witchunting members whilst this fiasco carrys on,and there are still gullible members who are unaware of just whats been done to many former members and couldn’t give a damm and they are the ones that unleashed these dogs on the members when they voted for a obvious establishment lacky..ITs becoming increasingly worrying that the Labour party are refusing to admit to just who and why and for what reason lists of former members have been dumped,sold given away to god knows who?

      1. Joseph, if the matter is so insignificant why is Frankenstein suggesting that members do not discuss it on social media? It stinks and I hope that there will be consequences. Is it legal? This is no longer a party but a criminal organisation at least a fiefdom of the few. These people have no rock bottom.

  5. As a genuine left wing democratic socialist I left Neo-Liberal Capitalist Boot Licking Right Wing Labour ten seconds after Mr S got elected.
    And I got the email apology so they have broken the GDPR rules and misused my personal information and should face massive, huge fines!
    I replied saying perhaps they should focus on sorting their systems out instead of focussing on attacking socialist Labour members!
    Karma.

  6. How much time and resource is being spent on ploughing through members social media, who authorised the witch hunt
    Again where was the NEC and why don’t they stop it
    Ignorance will be no defence to them being surcharged

  7. We are into the second week and a deathly silence from HQ on urgent requests by lawyers for the Name of the third party owners?….outside body who are in receipt of my personal information and financial details including donations to the Labour party alarmingly.

      1. Yes, that’s correct. Are you simply making an observation about a fact that is clear to all, from the tweet?
        If there’s more to it than that, I can’t fathom what it is.

    1. Rita – My apologies, it turns out that the page I linked to was actually published on 6 Aug 2020 and therefore must return to an earlier breach.

  8. Nothing in Press about Evans or his wife in regard to Company.

    In particular Private Eye usually picks this
    sort of thing up and reports it – but nothing ..this time. Why not? Instead
    they mostly report such as “vile anti-semitism found – Labour Party” when investigations
    have discovered that the perpetrator is not member of the LP..

  9. Here is a copy of an official Labour explanation of a previous data base from 2017 – the point being that it (second paragraph) spells out that NO Third Party is allowed access to a member’s data. I just thought that if that rule is still relevant then someone could use the info contained in the below email in any potential law suit against the party.

    “Labour Membership
    Tue 4/4/2017 1:37 PM

    Dear Robert

    Thank you for contacting us regarding unsolicited communication from Gerard Coyne’s campaign.
    We are unable to say how you were contacted by Mr Coyne’s campaign, and suggest you should contact his campaign directly to ask the source of their data they hold on you, and to remove any data they hold on you if you do not wish them to hold it.

    The Labour Party is very clear that no data may be shared with any third party or other organisation, and take our obligations under the Data Protection Act very seriously. We have not supplied any Labour Party data to Mr Coyne or anybody else. Labour Party data is held and processed only for the legitimate purpose of running a political party.

    Kind Regards

    Lee-Ann
    Communications Assistant
    The Labour Party

  10. Which company has breached data, perhaps it is Doughty Street Chambers?

  11. Your post makes me realise that although Evans is reporting the breach now, it could hsve occured at any time in his Gereal Secretary-ship. Sir Keir Rodney became titular leader of Labour at midnight on 03-Apr-2020. For heavens sake, the breach could have occured at 00.01 on 04-04-2020 when Lee-Ann’s words were still current (and the 10 Pledges were broadly believed), but the ‘new management’ was imposing its nefarious administration (including the installation of David Evans).

  12. I have a question for any of you with legal knowledge.
    Doesn’t the Data Protection Act enable you to write to the Labour Party to get them to tell you what data they hold on you and, if that data has been shared with any third party, to tell you what that organisation is?

    1. That sounds like a Freedom of Information request. Is a political party a legitimate target for a common-or-garden FoI? Yeah, hope someone has the knowledge to help

  13. Qwertboi – isn’t there something called an SAR (Subject Area Request)?
    I know these have been helpful to LP members persecuted by Party
    Officialdom but not entirely sure what they are!

    Surely someone knows about FOL – Joseph O Keefe seems well up
    on legal matters ..

    1. Let’s hope, Holby. Joseph or maybe Maria A who I think has had legal training. This might be important in the fightback

    2. Good luck getting any sense with a Subject Access Request with these people.

      I spent the best part of two years trying to obtain specific information via several SAR’s – including how specific data was used – with no response other than a deliberate misunderstanding in which every piece of information including photographs, Direct Debit payment dates, and correspondence with my name on it from either myself or others in the Party which was in the possession of the Party at that time.

      Anything other than the specifics requested under the SAR’s. The ICO assisted in terms of contacting them but advised me in so many words that they had insufficient teeth to force the Party to comply.

      Unless you have sufficient level of personal funds to go through the court system to force them to comply there is no process with clout to obtain what you seek when those in the bureaucracy and hierarchy are intent on denying your access to what you require.

      They will prevaricate, misunderstand, ignore, refuse point blank, deny, lie, dissemble, cheat, anything to avoid providing information which might reveal information about their own gerrymandering and incompetence.

      In the light of actual experience it is of little surprise that such a data breach has occurred. Simply because those in the bureaucracy and hierarchy have no qualms whatsoever in playing fast and loose with the legal rights, obligations and liabilities of volunteer members. Because we are dealing here with a level of arrogance which firmly believes it is untouchable.

      Three actual examples:

      1. When chosen as Agent for the Branch in a LA election the paid worker within the DLP, along with the then MP’s Agent and Candidate consistently bypassed both the Branch and myself outside of the PPERA2000 legislation. To the extent of printing several thousand copies of a leaflet containing a copyrighted company logo which the paid worker initially refused to pulp. Accusing those who raised this as a legal red flag as deliberately causing trouble.

      If this had been distributed the company would most definitely have taken legal action against the misuse of its well recognised logo. As Agent under PPERA I would have been one of the parties legally liable. Fortunately, after further pressure common sense prevailed. This did not prevent the Branch and its members from being bypassed and excluded from the campaign. Nor the candidate illegally recording sections a meeting on their mobile phone where these issues were raised.

      The information of which was very likely used in a fast tracked disciplinary action against another Branch member and which the Party has steadfastly refused point blank to confirm was the case.

      2. A year later, as Branch Secretary, I was given access under the Party code of Practice, to release members contact details to candidates shortlisted by the Branch for Ward election candidate in the Council election to contact members prior to the selection meeting. The code of practice is specific in terms of following DPA and GDPR legislation that the Data is to be used only for the purpose of contacting members for that specific purpose and that following the selection meeting it should be returned to the Processor – ie myself – and not used for any other purpose.

      Despite this and despite the fact that the winning candidate had extensive career experience of the law that candidate acted outside the Party Guidelines and DPA/GDPR legal requirements by using the data to contact members after the selection had concluded.

      Yet, even though this placed myself as Processor and potentially the Party at legal risk should any member complain (and one did – it was ignored and swept under the carpet) the Party bureaucracy and hierarchy from DLP through Region right up to National level treated this data breach incident, along with the legal risk to myself as a volunteer retired member and the submitted complaint, with total disdain as a non event.

      3. The 2019 GE saw a blatant gerrymandering of the PPC selection – which is a whole other story. The candidate selected was, under Party rules, ineligible as a result of being the subject of a serious complaint involving illegal actions under DPA/GDPR and PPERA2000. This was solved by rejecting the complaint without investigation and ignoring the submitted evidence.

      The first volunteer member to act as Constituency Agent did not last long. Withdrawing as a result of what might be described as an inappropriate act at a private function. The second and third agents resigned after only short periods of less than a week in the role.

      Because literature had been produced with the third agent’s name on it the decision was taken, in consultation with that individual, that their name would remain as agent on the campaign literature as agent. The problem was that the individual had no control of the campaign even though their name was on campaign literature as Agent.

      Consequently, when the campaign actually overspent against DPERA2000 legislation a potential risk accrued to that individual. Information about what occurred after the election is not available to me. It’s reasonable to surmise that the issue was resolved satisfactorily. Nontheless, the stress that individual would have experienced as a result of the Party bureaucracy and hierarchy playing fast and loose with the legal liabilities of volunteer members is not to be easily ignored.

      Doubtless these examples are not isolated and it is reasonable to surmise will have occurred in various other examples up and down the country. Revealing a pattern of arrogant behaviour by those in the Party who are convinced they can get away with any amount of gerrymandering, risk to volunteer members legal liabilities, and the rights of members. Including, as in this case, our data rights under GDPR/DPA.

      The whole organisation from top to bottom is corrupt in terms of the espoused values of the majority of ordinary volunteer members and its own rules – which are regularly gerrymandered with no effective checks and balances. It does not do what it says on the tin. A situation which merely replicates the same problems which are endemic of what passes for the demos in the UK.

      To rectify this requires either a root and branch clear out at every level or for the entity previously known as the Labour Party to cease existing.

      1. Dave – Who was the party leader when the incidents you describe above occurred?

    3. Holbyfan, JVL will either know or they will know someone who does know. Always ask JVL. Good luck.

  14. Be interesting to know what details this “third party” company actually had access to and what due diligence was performed before handing it over.
    They shouldn’t have had access to any data from ex-members particularly those who specifically requested that their data be deleted. E.g. Names, addresses , social media details, disciplinary , special notes ? Etc.

    1. I have a belief that the Bottom feeding Profession is effectively a brotherhood especially amongst the QCs and Barristers.I have fed these people over many years hundreds of thousands especially on my last trip to the High court in London.Unfortunately we have to go through the system if we wish to be even listened to in the high courts.This case of the Email to former members should open and shut with a judgment against the Labour party.Beware its not that simple and nothing ever is especially compensation and costs which in many cases means Taxed “.or scrutinised by the court to cut down on what you thought was your winnings.I have already through lawyers akowledged the email and I am pursuing it.I expect once again to loose money and be frustrated by the whole process.I can afford to do this and I expect nothing other than the sweet taste of revenge on a organisation that has jerked me around for nearly half a century the British Labour party.Please stop feeding the parasites I and many other former members are pursuing through the courts.

      1. Joseph – Pleas don’t forget to keep us informed about your case’s progress.

      2. Joseph
        Only worth pursuing if they have assets, which might not be the case once the authorities have had first bite of the cherry

  15. Someone has given this template letter which I’m using to email the LP, anyone can use it..

    To: privacy@labour.org.uk

    Subject: Access Request

    Dear Labour Party,

    I am writing to request that the Labour Party provides me with all personal data it still holds about me on your files. I am entitled under data protection law to have your answer within one month of this request.

    I resigned from the Labour Party in September 2020. I expect the Party to explain why my data is still being held by you.
    GDPR ‘principle C’ states that information can be held only insofar as it is ‘adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed [‘data minimisation’]’.

    I therefore request the Labour Party explains why the continued storage of my data, as a former member, was deemed both ‘adequate and relevant’.
    In addition I request that the Labour Party provides me with information on the identity of the ‘third party’ you have given access to my data.

    Please submit my data as an electronic file via email.
    If you do not have the authority to deal with my request, please pass this email to the party’s Data Protection Officer or authorised staff member.

    If you need advice on responding to my request, the Information Commissioner’s Office can help you. Website is: ico.org.uk or by telephone 03031231113.

    I look forward to hearing your response within the legal time limit.
    Yours,

    1. It is indeed an excellent letter Frances and wished I had waited before sending my own cobbled together version yesterday!

    2. Apparently, when anyone gets in touch about the leak, if you’re lucky enough to get a reply they ask for photographic evidence of your identity.

      1. lundiel – You should be pleased that they are taking such a precautionary approach.

  16. I don’t think it is wise to be precipitate and raise people;s expectations of satisfactory resolution, To talk about ‘massive fines’ when Not The Andrew Marr Show this morning made it quite clear it would be very difficult to even make a legal case, the ICO won;t even bother responding to requests, As one legal expert commented, even if they did they fines would not be big. I do think a data contract that involves Evan’s wife is alarming. There are also some data breaches that have already occurred, one involving a member and her child who were being protected from a serious domestic abuse assailant and she had been careful for three years to only use a pseudonym. She co-chaired a meeting that resulted in suspension due to content of that meeting. Her legal name that only the Party had and her CLP address were published by the Party and circulated, putting her at terrible risk and affecting her mental health. The Party responded not at all to complaints about this breach.

    1. This one case alone is worth pursuing. The poor woman could hardly speak because she is so terrified that her violent ex partner will now be able to trace her. She cannot be an isolated case. The absolute and total wickedness of this is beyond belief. This callous regime is ruining lives. They cannot possibly be a force for good in British politics.

    2. Thats appalling PM! Did she contact the police about this?

      We had a student who did not want her previous partner to know her whereabouts
      as she had been subject to violence by her partner resulting in prosecution . After
      this the police superintended any moves she made. WE were told specifically
      by the police that she was not to be awarded any prize – on account of the publicity
      which might ensue.

      The police would not be pleased – to say the least – if the LPs carelessness resulted
      in a crime.

  17. An interesting line of argument the logic of which requires the fantastical acceptance that said leader was responsible for, amongst a range of other examples, instigating coups against themselves from within the Party; a co-ordinated campaign to smear themselves; and simultaneously working towards both election defeat and victory at the same time.

    All while not acting in any way which might be construed by self regarding know it all’s as some kind of Stalinist but instead in line with stated Party values of inclusion and democratic engagement.

    As well as conveniently letting off the hook those within the bureaucracy and hierarchy who were, are and continue to be the actual responsible actors for these situations and events at all levels.

    No doubt if the previous Party leader had become involved in attempting to resolve the issues I referred to steveh would be on here like a shot whining and spitting his dummy out like a mardy three year old complaining about ‘ interference’ whilst selectively quoting the EHRC in support of his spurious logic free rantings.

    Alternatively, back in the real world any honest individual, intellectually or otherwise, recognises that in the UK we do not operate a Presidential system. They would also recognise where the real responsibility for these situations lies – with sectarian groups within the bureaucracy and hierarchy intent on protecting the status quo and their own priviliged power and positions regardless of the negative consequences for others, rather than conveniently trying pathetically to project the responsibility on to a single individual.

    An honest individual would also recognise the direct link between these events and examples and the present sorry situation. And herein lies the problem. Because whilever there are dishonest parasitic frauds operating within the Party, along with their useful idiot cheerleaders, who will bust a gut to deflect and excuse those with the actual responsibility by projecting their own behaviours and attitudes onto others such problems will continue regardless of who leads the Party.

    But as they say, you can’t educate pork.

    1. Spot on Dave Hansell. It’s also impossible to polish a turd, something which Steve, The Chief Turd Polisher, constantly fails to grasp. His arms must ache. Starmer is a turd and Labour is a cesspit of corruption. Let’s see if my solicitors can get answers out of the Labour Party about the mishandling of my data.

      Watch this space.

    2. Fully agree with DaveHansell’s comment at 7:06 pm and the first paragraph is a gem.

    1. Dave – Really?
      Thanks for the diatribe. It’s a shame you didn’t actually get around to answering my very simple question. I wonder why?

  18. “A precautionary approach’?

    Bit late after the stable door has been left open and the horse has bolted.

    Please tell us, steveh, you are getting paid for consistently coming out with this guff rather than embarrassing yourself for free?

    1. Dave – All we know at the moment is that there was what appears to have been an attempted ransomware attack that has had next to no impact on services. Although it may change as investigations progress at present it looks like no critical data has been stolen.
      I am pleased that the party is taking additional steps to ensure that nobody takes advantage of the current situation by impersonating (ex)members.

  19. Wonder if that astronomical £2m per year legal bill they reported includes fees from 3rd party investigatory services trawling through social media histories to find grounds to justify expulsions of those on the left?

    There needs to be a thorough investigation by the ICO and a financial audit into how Labour manages members’ data and any payments to 3rd parties, along with an explanation of the provided services People join political parties in good faith, the party should feel privileged to even have members, not the other way around. Members deserve complete transparency.

Leave a Reply

%d bloggers like this: