ICO finds Labour Party repeatedly failed to meet data protection obligations, particularly in handling Subject Access Requests.
The UK's Information Commissioner's Office (ICO) has found the Labour Party repeatedly failed to meet data protection obligations, specifically in handling Subject Access Requests (SARs) and responding to individuals who asked what personal information the party held on them. The Labour Party was reportedly unresponsive to over 78% of SARs, with more than half delayed by over a year. The ICO's investigation discovered that a "privacy inbox" related to a cyber attack had not been monitored since November 2021, resulting in unanswered SARs and requests for data deletion. The party has since assigned three temporary members of staff to tackle outstanding requests, allocated extra funding, and implemented an action plan to ensure prompt responses in the future.