Watchdog faces probe after data leak

UK electoral commission under investigation after leaking details of pro-union campaign donors

The UK election watchdog has apologised after it inadvertently released the details of a pro-Union campaign group on its website.

The Electoral Commission failed to redact the details for 168 individuals who had donated to Scotland in Union, after a Freedom of Information request.

The full names of those who donated could be seen by simply cutting and pasting the spreadsheet after a technical issue enabled access to the personal information. The body now faces an investigation by the Information Commissioner's Office and potentially a large fine for breaching the Data Protection Act 1998.

The Scotland in Union was set up after the 2014 independence referendum and describes itself as a non-party organisation campaigning to promote Scotland in the UK.

Advertisement
Advertisement - Article continues below

The group's website promises to process its supporters data in compliance with the Data Protection Act 1998.

They responded to a request from the Electoral Commission to supply a list of donors who had pledged 500 or more.

The group said the information was encrypted, to protect its supporters right to privacy, but after the commission published the list on the website, it quickly became apparent that it had not been properly redacted.

The spreadsheet could be cut and pasted into another document where the names could all be seen by removing the blanked out details.

The commission is supposed to use data sanitising tools to remove data from documents, rather than just blank out the information, but due to a technical issue the information was discovered and circulated widely on social media.

Speaking to the BBC, the group claimed some of its supporters had already faced harassment as a result of the error.

"We have still to receive a full explanation from the Electoral Commission as to why they placed private information about our supporters in the public domain and we are consulting our legal team about next steps," said a spokesman. 

"Unfortunately, we have already had instances of supporters being harassed as a result of the Electoral Commission's breach. This is completely unacceptable."

The release of such information may be in violation of the Data Protection Act 1998 and could result in criminal prosecution or a penalty of up to 500,000.

In a statement, the Electoral Commission said: "On 25 April the commission was notified of a technical issue with the application of redactions in a Freedom of Information response published on the commission's website.

Advertisement
Advertisement - Article continues below

"The redaction was ineffective and enabled access to personal information in relation to donations to Scotland in Union. The commission takes the management of data extremely seriously and regrets this issue.We are taking all reasonable action to minimise any harm caused and to rectify matters where we can."

The statement added: "We immediately removed the response from our website and are working with Scotland in Union to ensure that the individuals affected are notified.

"The Information Commissioner's Office has been formally notified of the breach. We are carrying out a full test of our redaction tool to understand how it occurred and will subsequently update internal procedures if required."

Image credit: Shutterstock

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Most Popular

Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019
Visit/business/business-strategy/354195/where-modernisation-and-sustainability-meet-a-tale-of-two
Sponsored

Where modernisation and sustainability meet: A tale of two benefits

25 Nov 2019