Parliament Scandal – data breach affects thousands of MPs’ employees
parliament data breach scandal

Data Leak Lawyers - Begin Your Data Breach Claim Today!

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

Parliament Scandal – data breach affects thousands of MPs’ employees

Of all people to accidentally publish personal details, you wouldn’t have thought it’d be an independent watchdog…

Following news reports form the BBC, the expenses watchdog has been left red-faced and has issued an apology for their disastrous error where approximately 3,000 MPs’ employees and their salaries were mistakenly published.

The Independent Parliamentary Standards Authority (IPSA) was created by Parliament in 2009 to independently oversee and regulate MPs’ business costs and expenses, and in this instance, they have found themselves at the centre of a scandal themselves.

What was disclosed?

Through their apology, the IPSA noted what private information was published:

  • Employees’ names;
  • Employees’ salaries and bonuses;
  • Employees’ disabilities and their allowances;
  • Employees’ details about their working and holiday patterns;
  • Details of the employees’ wives and family members.

The IPSA confirmed that no addresses, bank account details, national insurance numbers, or phone numbers were published. However, they acknowledged that the personal information disclosed was extremely personal.

ISPA’s CEO, Marcial Boo, tried to reassure the employees involved that none of the information would put their security in jeopardy. But how can he make such an assurance?

Data breach inquiry

Following the error, the IPSA launched an inquiry in order to get to the bottom of the matter. They believe that “extremely sensitive” information stored on 3 files was publicly available for approximately 4 hours.

The IPSA was notified of the breach by a Conservative MP, Karl McCartney, and the information was taken down within an hour. As the information was publicly accessible for 4 hours, it could have been circulated to thousands or millions of people. The initial findings of the inquiry found that it was mistakenly uploaded onto an old version of its website, which will be archived.


Mr McCartney is, understandably, highly embarrassed by the incident and posted his opinion on Twitter that whoever posted the files online, “really needs some IT training before their next job”. We’re with you there, Mr McCartney. Not only is it embarrassing for an independent public authority, but it also disregards data protection rights and principles afforded under the Data Protection Act.

ICO’s involvement

As with most data breach cases, the Information Commissioner’s Office (ICO) has been notified to provide their comments and findings on whether they believe a breach of the law has occurred. It’s quite clear to there is a data breach of the employees’ personal data in or view, as their information was published without their knowledge or consent. Though the ICO’s findings aren’t legally binding, they can be useful, and fines can be issued for punishment.

The bottom line is that sensitive data was disclosed to the public, and that amounts to a data breach, given that consent wasn’t given. Labour MP Chris Bryant notes the distress is may cause to those involved:

“…staff will be more worried than anyone else because they’ve done nothing to bring themselves into the public domain in this way.”

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy
Contact is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon