One of the worst data losses of the year has to be the loss of membership data by the BNP and the subsequent passing of that information into the public domain. RiskMonkey doesn’t think much of the BNP, but knows that many members are not so much evil racists, as disillusioned and misled. To find that your expression of powerlessness in the face of change has become a matter of public knowledge matters greatly when you find you’re suddenly associated by your neighbours with the sort of racist thuggery which which the BNP made it’s name.
The consequences of this leak are therefore worse than most. It could ruin lives far more easily than the average corporate loss, or even the steady stream of government losses.
So who is at fault? The easy answer is the BNP, whose employee appears to have leaked the data in the first place. Why give a list of data to an invididual employee to send a mailing, rather than mail-merge from an office, with the information staying (hopefully safely) in a central database? This sort of treatment of data in a company whould be deemed entirely unsatisfactory.
In polics however, we are dealing largely with volunteers. Volunteer committees run branches and assiciations for all parties, so all parties need to sit up and take note. Where is your information going? Who does have access to it? Obviously all candidates, representatives, and canvassers need access to some information. However, political parties around the world should take note. Whilst most manage their central operations far better than the BNP, the amount of data circulating locally is considerable, from membership and donor lists to electoral registers.
For now, the focus will be on this loss, with the BNP threatening retaliation and (former) members and supporters losing their jobs or apparently living in fear. That would not be the case for a mainstream political party looking to represent entire communties, whose members often rightly feel a strong sense of pride at being part of national democracy. However, the embarassment would still be there, members would still feel let down, and involvement in the deomcratic process discouraged. Lets hope the serious political parties are taking data security seriously.
