Watchdog faces probe after data leak

UK electoral commission under investigation after leaking details of pro-union campaign donors

The UK election watchdog has apologised after it inadvertently released the details of a pro-Union campaign group on its website.

The Electoral Commission failed to redact the details for 168 individuals who had donated to Scotland in Union, after a Freedom of Information request.

The full names of those who donated could be seen by simply cutting and pasting the spreadsheet after a technical issue enabled access to the personal information. The body now faces an investigation by the Information Commissioner's Office and potentially a large fine for breaching the Data Protection Act 1998.

Advertisement - Article continues below

The Scotland in Union was set up after the 2014 independence referendum and describes itself as a non-party organisation campaigning to promote Scotland in the UK.

The group's website promises to process its supporters data in compliance with the Data Protection Act 1998.

They responded to a request from the Electoral Commission to supply a list of donors who had pledged 500 or more.

The group said the information was encrypted, to protect its supporters right to privacy, but after the commission published the list on the website, it quickly became apparent that it had not been properly redacted.

The spreadsheet could be cut and pasted into another document where the names could all be seen by removing the blanked out details.

Advertisement
Advertisement - Article continues below

The commission is supposed to use data sanitising tools to remove data from documents, rather than just blank out the information, but due to a technical issue the information was discovered and circulated widely on social media.

Advertisement - Article continues below

Speaking to the BBC, the group claimed some of its supporters had already faced harassment as a result of the error.

"We have still to receive a full explanation from the Electoral Commission as to why they placed private information about our supporters in the public domain and we are consulting our legal team about next steps," said a spokesman. 

"Unfortunately, we have already had instances of supporters being harassed as a result of the Electoral Commission's breach. This is completely unacceptable."

The release of such information may be in violation of the Data Protection Act 1998 and could result in criminal prosecution or a penalty of up to 500,000.

In a statement, the Electoral Commission said: "On 25 April the commission was notified of a technical issue with the application of redactions in a Freedom of Information response published on the commission's website.

"The redaction was ineffective and enabled access to personal information in relation to donations to Scotland in Union. The commission takes the management of data extremely seriously and regrets this issue.We are taking all reasonable action to minimise any harm caused and to rectify matters where we can."

Advertisement - Article continues below

The statement added: "We immediately removed the response from our website and are working with Scotland in Union to ensure that the individuals affected are notified.

"The Information Commissioner's Office has been formally notified of the breach. We are carrying out a full test of our redaction tool to understand how it occurred and will subsequently update internal procedures if required."

Image credit: Shutterstock

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Putting a spotlight on cyber security

An examination of the current cyber security landscape

Download now

The economics of infrastructure scalability

Find the most cost-effective and least risky way to scale

Download now

IT operations overload hinders digital transformation

Clearing the path towards a modernised system of agreement

Download now
Advertisement

Most Popular

Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/security/vulnerability/356295/microsoft-patches-high-risk-flaws-that-can-be-exploited-with-a
vulnerability

Microsoft releases urgent patch for high-risk Windows 10 flaws

1 Jul 2020
Visit/security/34616/the-top-password-cracking-techniques-used-by-hackers
Security

The top 12 password-cracking techniques used by hackers

12 Jun 2020