Party alleges that Joan Ryan’s actions breached GDPR and the Data Protection Act
Credit: CROFT MALCOLM CROFT/PA Archive/PA Images
Labour has reported one of the rebel MPs who quit last week to the Information Commissioner over claims she tried to access sensitive data held by the party.
Joan Ryan has denied the alleged data breach, which is said to have taken place after she and seven of her colleagues resigned to join The Independent Group. Labour officials cut off access to its canvassing software earlier this week, claiming unauthorised attempts had been made to access membership lists.
In an email to MPs and staff last week, general secretary Jennie Formby said: “The party’s elected representatives, at all levels, have a proud record of conscientiously observing their obligations in relation to personal data. In recent days, however, the party has become aware of a number of attempts to access personal data held on the party’s systems by individuals who are not, or are no longer, authorised to do so.”
Labour sources said the alleged breach had been carried out by a member of the Independent Group.
Related content
- Constituents report MP to ICO over alleged data-protection breach in Facebook post
- Departments that lag on FOI responses could be named and shamed
- ICO report finds ‘disturbing disregard for voters’ privacy’ in political campaigns
Ryan, the MP for Enfield North, told The Guardian: “I have no idea what Jennie Formby is talking about. Neither I nor my office have accessed or used any Labour party data since I resigned the Labour whip and my membership of the Labour party.”
Chris Leslie, another former Labour MP who is now in The Independent Group, has accused the party of “throwing mud” in a bid to smear the rebels.
A Labour spokesperson said: “The party became aware of attempts to access personal data held on the party’s systems for unauthorised use. Personal data the party holds about individuals is protected by law, under the GDPR and Data Protection Act 2018. We are aware that the information commissioner is taking an increasingly serious view of misuse of personal data and requires a data controller to take reasonable and proportionate steps to ensure the security of data held on its systems. The Labour party takes our data protection obligations extremely seriously.”