Croydon (Parliament Politics Magazine) – Croydon Labour mayoral candidate Rowenna Davis faces criticism after two incidents in a week where residents’ private data was mistakenly exposed.
Tory critics say the problems, notwithstanding her apology, raise questions about how her campaign handled sensitive material in the run-up to the local elections next year.
The most recent incident occurred on a Facebook page called Community Action, which Cllr Davis administers to promote local community problems. Cllr. Davis and fellow Waddon Labour councillor Ellily Ponnuthurai were seen holding a clipboard containing a petition in favor of the reopening of Wandle Park Café, which has been closed for a number of years, in an image that was used as the page’s profile picture.
The picture made it easy to see a number of petitioners’ names, email addresses, and partial residential addresses. The Local Democracy Reporting Service (LDRS) was informed by Cllr. Davis said that she was unaware of this problem.
After apologizing, blurring the photograph, and consulting with the Information Commissioner’s Office (ICO), Cllr. Davis stated that she had not received any complaints from the page’s 372 followers. However, this incident has drawn criticism from Croydon Conservative councillors, whom she will face in the elections next May.
Jason Cummings, Conservative councillor and Cabinet Member, told the LDRS:
“This is the second occasion within a week that we know about where Labour’s candidate for Mayor has publicised highly sensitive details about local residents. Those affected will rightly be concerned about this disregard for personal data.”
He added:
“The candidate should again refer herself to the Information Commissioner, and Croydon Labour must immediately contact those affected to apologise, as well as working to ensure it doesn’t happen again.”
This latest incident comes after another last week in which the email addresses of more than 300 supporters were unintentionally made public by Cllr Davis’s campaign. An email inviting recipients to a community gathering was sent last Wednesday, September 10, but it did not use the blind copy (BCC) feature, allowing recipients to view each other’s addresses.
Cllr. Davis referred herself to the ICO as a result of this violation of the 2018 Data Protection Act and GDPR requirements. Later that night, she published an apology after acknowledging her mistake.
Acknowledging last week’s incident, Cllr Davis told the LDRS:
“We immediately apologised to those affected and put safeguards in place to ensure this does not happen again, including making sure every email goes through a secure server. No data beyond email addresses was shared.
We took advice from the Information Commissioner’s Office, who said this did not need to be reported, but we did anyway because we care about this.”
The ICO confirmed to the LDRS that it received her referral and is assessing whether a breach took place.
Which residents were affected and how many email addresses leaked?
Rowenna Davis’s campaign accidentally leaked over 300 individuals’ email addresses when data was accessed. The individuals affected were primarily campaign supporters, residents of the borough who had signed up for campaign material, and some former politicians who are no longer active in Croydon.
The above-mentioned individuals who were on the list were primarily local residents and campaign supporters, and a few former political figures. This occurred as the email went out without BCCing, which meant that all of the recipients’ emails were exposed to everyone else, and then an individual subsequently forwarded the exposed list of emails to a number of people.
The campaign was aware of the breach, apologized, and urged recipients to not mis-use the emails, or share them.