IPSA pays compensation to data breach victims
The Independent Parliamentary Standards Authority (IPSA), the body responsible for setting and regulating MPs’ expenses, business costs, salaries, and pensions, has paid damages to victims of a “significant” data breach that affected 3,000 people, predominantly MPs’ staff.
The large-scale data leak took place on 30 March 2017, with extremely sensitive personal information published by an IPSA employee on an IPSA website. The data was available for several hours, and the identity of those who accessed and obtained a copy remains unknown.
The data leak took place amid heightened security concerns following the murder of Jo Cox in her constituency in June 2016, and came just one week after the Westminster terror attack.
The data breach and its impact on staff was recently raised by Jim Shannon MP in the House of Commons, with Shannon requesting that the Minister for Digital and Creative Industries, Margot James MP, outline the funding allocated to cyber security and the personal safety and security of House of Commons employees.
A spokesperson for JMW Solicitors, said: “This was a serious data security failure by one of the country’s high-profile regulatory bodies, an organisation which holds a large volume of very sensitive information. This data breach gave rise to a great deal of distress and upset among those affected - in the aftermath of the incident, some clients were afraid for their personal safety in particular, this having happened at a time of heightened concern for the security of those working in Parliament and constituency offices.
“It’s unacceptable for such a large-scale data breach to have taken place, not least by IPSA. Equally, IPSA’s failure to carry out a full information security review until some five months after the incident illustrates its historically lackadaisical approach to data security.
“Our clients are pleased to have reached a settlement with IPSA. The improvement of data security at IPSA will also provide employees with confidence that their personal information will be safeguarded and handled with appropriate care in the future.
Anyone who was affected by this incident and hasn’t yet been in touch, should do so at their earliest convenience.”