A tweet today referred me to a New Statesman article from October last year which contains what I think are actually quite serious allegations against Tory MP Douglas Carswell (who has today announced his intention to resign his seat and re-stand for UKIP) or, perhaps, against his local party machine. The magazine alleges that
A snout rang with the tale of an Essex man who went along to a Clacton fish-and-chip supper organised by the local MP, Douglas Carswell. The chap paid his £10, enjoyed his cod and then listened to the debate before going home unconvinced by the Tory case on Europe. So imagine his perturbation at a letter from Carswell’s office informing him that his tenner would be converted into membership of the constituency association unless he wrote back renouncing the party. The chap couldn’t be bothered to reply and – hey presto! – an unwanted Tory membership card duly popped through his letter box.
I do not know if if this is true*. I’ve asked Mr Carswell via his twitter account whether it is, but, understandably, he may have more pressing priorities today. He was certainly in the habit of hosting such events, as his personal blog shows.
But if it is true, it raises concerns about the handling of constituents’ personal data. The second principle of the Data Protection Act 1998 (DPA) provides that
Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes
and by section 4(4) of the DPA a data controller (the person or persons who determine the purposes for which and the manner in which any personal data are, or are to be, processed) must comply with the eight data protection principles. Failure to do so renders the data controller liable to private legal action by aggrieved data subjects, as well as regulatory enforcement action by the Information Commissioner (which can consist of monetary penalties to a maximum of £500,000 for especially serious contraventions). Mr Carswell’s entry on the Commissioner’s register confirms he accepts his status as data controller, as does the entry for his local Conservative Constituency Association. Any personal data of a constituent attending fish-and-chip suppers had to processed in accordance with eight principles, and wrongly recording someone as a member of a political party would involve the processing of sensitive personal data (a category which includes information about political allegiance, and which is afforded even higher protection).
And, as well as being in contravention of the second principle, such processing would be in breach of the first, which requires that personal data be processed fairly and lawfully. I’m not going to make a party political point, but as of today, even Mr Carswell might feel that, in broader terms, it would be particularly unfair to wrongly categorise someone as a member of the Tory party.
*If Mr Carswell refutes the allegations in the story I will be very happy to amend this blog post accordingly
informationrightsandwrongs 
Pingback: Data protection implications of MPs crossing the floor | informationrightsandwrongs