SNP told to tighten data security after revealing voters' names in error

People received letters addressed to neighbours or strangers, and one woman received 30 letters at her home, all addressed to people who did not live there.

The ICO has ruled that the party did not breach the Data Protection Act. The party has been given official advice to ensure its staff are properly trained, and told to increase its cross-checking of mailings to make sure they are accurate. The party could have faced a large fine had it been found guilty of a breach.

The commissioner said it had received six complaints about the incident, which were dealt with together and were all now closed.

“We investigated an incident involving inappropriate disclosure of personal data in election materials sent through the post,” an ICO spokesman said. “The incident did not warrant formal enforcement action but the data controller was given written advice on data protection practices.”

The SNP said it was pleased it had been cleared of breaching data protection laws, and repeated its apology to the voters affected by the mistake.

“We welcome the ICO decision to take no action. As we said at the time it was a clerical error and we’ve taken the necessary steps to make sure it doesn’t happen again. Once more, we wish to apologise to anyone affected,” a party spokesman said.

The ICO said the SNP was among a number of parties being audited to make sure they were not breaching privacy laws when using personal data and social media data for campaigning purposes.

ICO records show the SNP has been the focus of 12 data protection, privacy and electronic communications complaints since the beginning of 2017. In most cases the party was given advice on its practices and on compliance rules. Two cases were closed with no action.

Since the start of 2017 four cases had opened with the Scottish Greens, two cases with Scottish Labour, and two cases with the Scottish Conservatives. In those cases advice was also given or closed with no action.