Data breach

22 Dec

Branch secretaries across West Ham Labour party have received an email today from Josephine Grahl, the vice chair for membership, about a serious data breach in Green Street West:

Dear Branch Secretary,

I am writing to draw your attention to a recent incident in which personal membership data of individuals may have been misused or accessed by an unauthorised person.

In September 2017, following the third attempt to hold a branch AGM in Green Street West, a number of members in that ward reported to the CLP Secretary and to myself that their Labour Party membership had been resigned without their knowledge ahead of the AGM. Emails were sent to the National Membership team purporting to be from these members, quoting their Labour Party membership numbers and home addresses, and stating that they wished immediately to resign their Labour Party membership.

Most of these members have now been reinstated with their continuity of membership preserved as the National Membership team recognised that the emails were sent maliciously from email addresses which were not the addresses on record for those members.

This has been reported to both the police and the Information Commissioner alleging illegal misuse of personal data. The matter has also been referred to the Labour Party’s Governance and Legal Unit.

This is a cause for concern as in order to make these fraudulent resignations someone must have had access to the name, address and Labour Party membership numbers of the affected members. I am therefore writing to all officers with access to personal data to make them aware of this breach and ensure that they are aware of their responsibilities.

Branch Secretaries should be aware that their access to the personal data of members is governed by the Data Protection Act, and that misuse of this data may put the Labour Party in legal jeopardy. On no account may membership data be used for purposes other than that for which access is granted. If you are aware of any breach, you should contact the National Membership team on labourmembership@labour.org .uk or 0345 092 2299.

For more information the Labour Party’s data protection guidelines are available on Membersnet at https://members.labour.org. uk/rules-and-procedures [ registration required]

Please feel free to contact me if you have any questions or concerns about the above.

With the obvious caveat that I am not a lawyer, it appears that whoever did this has committed not just an offence under the Data Protection Act but also under the Communications Act 2003. Section 127(2) of that act targets false messages intended to cause annoyance, inconvenience or needless anxiety. According to the Crown Prosecution Service, they “shall be liable, on summary conviction, to imprisonment for a term not exceeding six months or to a fine or to both.”

Someone should be feeling very nervous.

Advertisements

2 Responses to “Data breach”

  1. scwalkermecom December 23, 2017 at 19:02 #

    Presumamby People acting as those members were impersonating them – is this not fraud?

  2. Down to Earth December 26, 2017 at 21:16 #

    The problem being, to identify that
    “someone”
    which is in the hands of the Labour Party staff who received those e-mails
    and not anyone local.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: