Analysis Breaking Exclusive

Exclusive: ICO says Labour not meeting legal obligations re Subject Access Requests from data breach victims

A number of law firms are helping current and former Labour members take legal action against the party over the damage they suffered when Labour gave their sensitive data to third-party suppliers whose system was hacked, resulting in the data of thousands – including people whose data Labour should not have been keepingending up in the hands of criminals.

And in documents seen by Skwawkbox, the Information Commissioner’s Office (ICO) has confirmed that the party is compounding its breach – by failing to meet its legal obligations to respond to ‘Subject Access Requests’ (SARs) from those affected. An SAR is a formal request to disclose what information an organisation holds on an individual – so those hit by Labour’s latest massive data breach are still in the dark about exactly what information of theirs is now likely to be circulating on the dark web and in the criminal underground.

The ICO has said that it is contacting the party to tell it to fulfil its legal duty and answer the requests. The regulator has so far proven toothless in terms of actually punishing the party for its contempt for the law and the rights of its members, but Labour could face fines of almost £20 million for the breach.

SARs are also in the pipeline to the two outside companies involved in the breach. The Labour party has been contacted for comment.

SKWAWKBOX needs your help. The site is provided free of charge but depends on the support of its readers to be viable. If you’d like to help it keep revealing the news as it is and not what the Establishment wants you to hear – and can afford to without hardship – please click here to arrange a one-off or modest monthly donation via PayPal or here to set up a monthly donation via GoCardless (SKWAWKBOX will contact you to confirm the GoCardless amount). Thanks for your solidarity so SKWAWKBOX can keep doing its job.

If you wish to republish this post for non-commercial use, you are welcome to do so – see here for more.


  1. I’m not sure how this tracks with my experience with the ICO, but I suppose it probably does. They said Labour has every right to request photo ID before acquiescing to an SAR, even in the context of a data breach which would render Labour untrustworthy with new info.

  2. It would be interesting to see a redacted version of this letter from the ICO.

    1. Evans and Starmer will be pulling-out all the stops to make sure that doesn’t happen…

      The Forde Inquiry Panel has no-doubt been ordered to “drop everything” (in the long grass) to resolve Starmer’s SAR predicament immediately.

      1. qwertboi – You must have missed this bit in the above article 🤔
        “in documents seen by Skwawkbox, the Information Commissioner’s Office (ICO) has confirmed that the party is compounding its breach – by failing to meet its legal obligations to respond to ‘Subject Access Requests’ (SARs) from those affected.

      2. Read the article again, soft lad. (Even though we KNOW it’s yet ANOTHER piss-weak attempt at obfuscation)

        Absolutely NOWHERE is the Forde report mentioned in the article.

        The breach of the data hack is what’s being compounded by smarmer and fat Dave not complying with SARs.

        And in documents seen by Skwawkbox, the Information Commissioner’s Office (ICO) has confirmed that the party is compounding its breach – by failing to meet its legal obligations to respond to ‘Subject Access Requests’ (SARs) from those affected.

        Try again….In fact, don’t bother. It’ll be every bit as shite as your original effort. 😒

      3. SW is obviously an exemplary journalist, and, as he says, has ‘seen’ the document. That’s what good journalists do: they verify assertions. Even if he could, reproducing it for all to see would lay him open to litigation (which, heaven forbid, was of course not your intention, was it?).

      4. qwertboi – “Even if he could, reproducing it for all to see would lay him open to litigation”
        Don’t be daft – Litigation for what?

      5. I’ll ask you the same question, plums.

        Don’t pretend you need it spelling out for you…Again.

      6. Toffee – I’m sorry but your question doesn’t make sense, perhaps you should read the whole thread again and then have another go at it.

  3. Who are these law firms because I was scammed (almost) just last year after resigning (by letter) from Labour 18 months earlier? I wrote Labour a letter after receiving their letter about the data breach but never got a reply. I’m now getting a load of scam calls on my phone even though my number was never available on line. I would like to add my voice to the proceedings.

  4. I’m not sure that the Labour Party is in for quite as rough a ride from the ICO as readers might infer from your article. I got a reply from the ICO this week following a complaint to them about Labour’s lack of response to my SAR. The ICO’s response was, and I quote, “The ICO has had a meeting with the Labour Party and we are now of the understanding that the Labour Party intend to provide a response to all outstanding requests as soon as possible. Therefore, if you continue to not receive a response from the Labour Party regarding this matter, I would advise contacting the Labour Party about these concerns. The ICO’s role is to provide an outcome to individuals and we are unable to act as a mediator in these situations.”
    All pretty wishy washy, and the ICO seems to recognise that if an organisation like Labour obfuscates and delays long enough, there’s nothing the ICO can do about it other than refer you back to the organisation that ignored your request in the first place. I have now submitted a complaint to the ICO about their own lack of action, and I’d advise your readers to do the same.

  5. Can’t worm, loophole, fine tooth comb, lie spin yourselves out of this one, BlueKeef and Blobby! Can you hear that Kaching, Kaching as the miserably underfunded Neo-Labour TORY Party gets flushed down the pan!

    1. Yes, where’s David Sainsbury and David Rockefeller when Keir needs them?

      1. Well at least he can always rely on the wee fella for *ahem* succour…😏

        (Which is akin to Captain Blackadder relying on Lt George on Blackadder goes forth !)

      2. And I see toffee that the royals have had to cancel part of the “Tour of tours” farewell trip to the Caribbean again.Seems like nobody wants anything to do with flag flying colonialism especially were the establishment troll Steve H broadcasts the true blue message from.Methinks “wee fella” didnt weigh up just how the locals feel about British imperialist attitudes especially if they strutt round like a knight of the realm groupy and a royal fanatic..Don’t think wee fella “studdied history?

    1. Ben, I first requested a SAR in December 2017. I eventually received a partial SAR in September 2019 after the ICO and a solicitor got involved. Then in discussion with the ICO it became clear that the way Labour have set up their GDPR obligations meant two SAR requests were needed to get all the data –

      1 A SAR request for national data
      2 A second SAR request to the CLP data controller for data for data held in the regional office and the CLP (this covers the BLPs).

      I eventually received a second and again partial SAR in August 2019. I have some of the missing documents, some of which were circulated around the CLP in breach of GDPR, given to me by a friend. The ICO instructed the CLP secretary to give me the information I knew existed, but he never complied.

      When I was informed of the data breach I requested a SAR, but refused to give the Labour party any more of my personal details, on the grounds that they cannot be trusted to keep them safe and as they held no photographic ID on me, why would that be a requirement? Also as they contacted me and knew that my data was compromised, why did they need further proof of identity? Why did they not supply me with the data as a matter of course? That’s what a decent data controllor, who took their responsibilities seriously would have done. After 30 days I informed the ICO of their non compliance. The ICO have agreed with the Labour party that they do not have to provide me with a further for a SAR, on the grounds of my not giving them photo id. To the best of my knowledge it is not mandatory under GDPR to request photo ID.

      I have recently found out, that at the time I was trying to get a SAR from the Labour party, members of the Labour party were employed in the ICO’s office. This included Councillor Alex Ganotis, Labour leader of Stockport Council who was a group manager. A member of my ex CLP executive was also employed by the ICO.

      This blog is c 2016 and the ICO is now under new management.

  6. Strikes me that any current or former member of the recklessly outsourcing-Labour Party who doesn’t make a Subject Access Request either trusts the Labour party implicitly (Starmer and all), or has very little self-respect, which in the age of surveillance capitalism is rather irresponsible and quite dangerous.

    Thank you SW. Which of the ‘number of law firms’ people are using seem to be making most headway. I feel a project coming on…

    1. qwertboi It’s difficult to know who is making the best headway, from what I’ve seen all solicitors seem to be following the same track and it’s a slow, “forensic” process. Everytime something like this breaks, more victims of the breach get on board and sign up with a solicitor.

      The more the merrier I say.

  7. Quelle surprise….Best start coming across, keefy boy. You’re NOT the law and you NEVER were.

    On another note, I see old habits are dying hard with the Sally Army

    They were poverty pimping on an industrial scale a few years back, abusing the ‘work for your dole scandal. It appears they’ve now gone all rachman .

    Bunch of hypocritical money-grubbing god-botherers 😒

    1. All Charities are Neoliberal TORY Occupied Laundromats for the Rich. All those huge donations they make for MSM snapshots gets washed and scrubbed right through the system and comes out in neat little scented wrapped bundles in The Caymans, etc! Why on earth would charities need CEOs on 150K to 250K++ (all their account are declared online) they probably have 0 connection with charity business, but 100% connection with The City! We see or hear nothing from foodbanks that is not good, because the neoliberal vultures were circling since they opened! Once they get their grubby claws into foodbanks, people will have to start paying for food donated to them!

      1. The knight knows the system and they will drag on for years and years using members hard earned money.Unless the labour party are bankrupted which I believe is the intention.And has for charities and NGOs some were good some were bad like socialists.they are not perfect and many have been infiltrated by parasites and government agencys.Carritass,Cafod,Emeauss and local
        St Vincent de paul who will help anyone are at the front of non profit organisation who have made a better world and I personally can say that they try their best and the World would be a worse place without them especially now and especially in the UK.

      2. I agree Joseph, I should say Most rather than All, but the elites will grind the good down like they ground Jeremy Corbyn down. They do not want organisations who offer free services to help people in need they do not want a Socialist Government who will bring justice and equality, they do not want a Russia, China, Pakistan, India, etc who stand square in their face and refuse to do as they say, they will…………uhhm attempt to grind them down, look what they did to the ME, look what they did to the UN, ICC, look what they did to Khashoggi, look what they are doing to Assange. It’s also obvious in the Open Source, if you use Linux you’ll notice how few Distros/Apps are still truly Open Source even Firefox, Duck, Duck are no longer safe, then again how many hackers are there today who are not bought and paid for by the elites. I guess it boils down to as you say 2 kinds of people, Good People and Bad People, but Good People sure seems to be dwindling.

  8. Made my request last November. Still not heard anything…….Tick tock…££££££££££

  9. Sorry Quertboi -but what has the Forde Enquiry
    to do with this?

    Yes – we are still waiting for it – but the ICOs
    decision is in addition to that delay ..

    There is a great silence from the MSM about
    these matters plus about the harassment of
    members of the Jewish Community by the
    Labour Party. Meanwhile many who remain in
    the Labour Party are being very careful as to
    who they support and campaign for – who are
    also remaining silent. It reminds me of the days
    of Soviet dissidents who only swapped information
    with trusted individuals.

  10. Not surprising.

    Southside give every impression of holding the party’s entire membership and CLPs in total contempt. They despise(and fear) members because Corbyn was twice elected, and see the membership as a problem that needs fixing. No solidarity of fellow travelers on a journey to power together. Essential leftwing values; promoting solidarity and equality simply aren’t shared by ‘the few’ at the top.

    The autocratic attitude of these centrist careerists can be summed up as : Why can’t we have a party for MPs only, without pesky members wanting input and to shape policy?

    As a result the current Labour party is a empty rightwing husk, only still standing because some unions and parts of the membership are in denial.

  11. Wouldn’t be surprised if this whole ‘partygate’ furore that the MSM are digging in over, is the Tories and compromised MSM throwing Starmer an electoral lifeline. Notice how Johnson never fires back highlighting Starmer’s rank hypocrisy?

    If Starmer is forced to quit after May’s elections it’s an open question as to which side of the House will be most disappointed.

Leave a Reply

%d bloggers like this: