Data breaches in a political party point to poor data protection and governance.

August 20, 2020 |

One of the many flaws in the Privacy Act 1988 is that political parties are exempt from its coverage. That was not an omission or unintended consequence of the drafting. There was a specific carve out for political parties in section 7C of the Privacy Act.  The provision, titled Political acts and practices are exempt, is comprehensive in exempting political organisations and their sub contractors (sub section 3) and their volunteers (sub section 4).  These provisions were passed with bipartisan support.  It was and remains a major public policy failing.

The lifeblood of political parties is data.  Data allows political parties to refine messages and target voters.  That data comes from constituents contacting their local members, polling, gleaning information from social media and other forms of information collection. Gone are the days when political parties relied on rough quantative surveys and the gut feel of hardened political operatives.  Political parties know focus on blocks and streets, not suburbs and electorates when they are not targeting individual voters.  Most of that data is personal information.

The other store of data that political parties store are membership lists.  Membership lists are nuggets of gold for apparatchiks in their constant quest to work numbers, whether in pre selection fights or competing for positions within the many committees within all political parties. And internal competition can be fierce, much fiercer than between political parties.  Factions spend an enormous amount of time signing up members to electorate branches while rival factions monitor those activities and attempt to derail them whenever possible, as well as signing up their members.   The desire to thwart one’s opponents easily descends into regrettable acts of skullduggery. And that seems to be at the core of the data breach of the Victorian Division of the Liberal Party as reported in Warring Victorian Liberals spring a data leak.

By any measure a data breach involving the access and distribution of the personal details of Liberal Party members without their consent is a very serious matter.  Many members of political parties are quite open about their membership, some are very vocal about it.  But many are not for a range of legitimate reasons, be it causing difficulties in their jobs (such as working in the public service) or personal, not wanting family members to know they are active.  And because of the corrosive nature of inter party fighting it attracts unwanted attention as seems to have occurred with members being called and quizzed on their membership and who paid their membership fees.  Worse, the story reports that details of the list have been provided to journalists.

The response is typically familiar when political parties suffer embarrassing data leaks, call in the police.  It looks and sounds strong and means very little.  The police come in, look around, take a few statements, realise quickly they are part of a pantomine (though they probably knew that before putting on granite faces and walking in with clipboards tucked under an arm) and send their carefully typed report up the chain of command until it gets a nose bleed.  Weeks pass then months go buy and on a Friday afternoon close to Christmas a press release announces the investigation is closed.  And that is probably the right result.  Because the problem is not about criminal activity, it is about poor governance and poor understanding of what is required to properly collect, store and use personal information.  And for better or worse, generally worse, the appropriate party to investigate is the Australian Information Commissioner should investigate, which can’t be done because political parties have been exempted from coverage.  Some of the most data intensive organisations in Australia collecting some of the most sensitive personal information are exempt.  It is a failure of public policy on a staggering scale.

The article provides:

Police will be asked to investigate a massive data breach in the Victorian Liberal Party, one which could spark a federal intervention in the increasingly dysfunctional branch.

The private details of hundreds of party members have been leaked to discredit key federal and state MPs across Melbourne, sparking an internal investigation into the release of the highly confidential information.

The Liberal Party has since been inundated with complaints from members who are being cold-called to discuss their private political affairs, including how their memberships were paid and who paid for them.

One Liberal MP said the leak appeared to be the “biggest in Australian political history” and that it would fuel demands for ­national intervention in the party’s Victorian branch.

The breach appears to be part of a campaign to discredit some federal and state MPs over alleged branch stacking.

Victorian director Sam McQuestin is checking to see whether any details have been stolen from party databases — of particular concern is whether any credit card or other payment ­information was leaked.

The second possibility is that the leaked private information was collated over several years from preselections and party ­forums like state council, where lists are kept of members for voting purposes.

One MP familiar with the leak said he had been inundated with members calling his office to complain about their private details being handed to outside parties for the purposes of factional ­pursuits. Several journalists are believed to have received all or some of the information.

One party member who was contacted last week said it “felt like an interrogation” when he was called and questioned about the way his membership was paid. “It was an invasion of privacy,” he said.

The Australian understands that there are normally two official party lists that are separated according to contact and payment details. While it is unclear whether credit card details have been leaked, several people spoken to by The Australian said this was a “live option” because of the nature of the questioning.

The issue was also raised in the most recent state partyroom meeting, when former Victorian leader Matthew Guy questioned what was being done about the leaks which — at the least — are a breach of party rules.

“There will be a police referral into this,” one MP, who is prohibited from speaking publicly about the party’s internal affairs, said. “We cannot be having such a serious data breach and not do something about it,” another said. The leak is being seen as the latest outbreak of hostilities being waged internally over the recruitment of new members.

A push by conservative members to recruit heavily in some branches — and oust sitting MPs — has divided the Liberal Party in recent years.

That move has included targeting some ethnic and religious groups in key suburbs for recruitment, a process defended by the recruiters as necessary to bolster the party’s ageing demographic.

The leaked information would enable a determination about whether memberships have been legitimate or part of a branch-stacking process.

The Australian understands membership details have been recently sought unsuccessfully by at least one senior Liberal.

Under the Liberal Party constitution, there are several things that can trigger federal intervention, including substantial noncompliance with its federal constitution.

It also includes anything that substantially prejudices the ability of the party to effectively contest or win a federal election.

The Victorian Liberal Party has been seriously undermined for years by internal divisions and infighting that has dogged the state opposition in particular.

It has hampered the ability of the party to fight elections and regularly wasted resources while battling the infighting.

Federal intervention would require a vote of 75 per cent of the federal executive and a simple majority of the state presidents.

The role of former Howard government minister Kevin ­Andrews, who has been fighting to remain in federal politics, continues to be under scrutiny from his factional opponents.

There has also been disquiet about the way members have been recruited in Melbourne’s east, with claims the integrity of the party has been damaged by aggressive recruiting.

With well over 15,000 members, the party has been fighting for years to bolster numbers because of an ageing demographic.

Leave a Reply