A Perthshire MP has said it was “standard practice” for correspondence to be passed to them after becoming embroiled in a “data breach” row with a nearby SNP MSP.
Scottish Conservative member for Ochil and South Perthshire Luke Graham became involved in a row between SNP depute leader Keith Brown and the Department for Exiting the EU (DExEU) after it admitted a data breach by passing information from the SNP to his office.
DExEU said there was “an unauthorised disclosure of information by a member of staff” after Mr Brown wrote to Brexit Minister Robin Walker raising the concerns of a constituent.
Asked by The Courier whether the staff member should have acknowledged the “breach” and informed him, Mr Graham said no, and added: “My staff and I were unaware of investigation and no personal information was shared with us.
“My office has a strong record of working with all levels of government to resolve constituent issues and concerns and my staff and I will continue to help constituents wherever possible.
“It is also standard practice to include a sitting MP in any correspondence where that MP’s office is mentioned or referred to, which I understand it was.”
Mr Brown has now written to Sir Mark Sedwill saying the breach shows the Westminster system is “completely broken” and asking him to investigate how widespread the practice is.
The Clackmannanshire and Dunblane MSP Mr Brown wrote to Mr Walker raising the concerns of a constituent whose business relies on EU workers.
The MSP’s office was then called by a member of staff for Mr Graham, whose constituency overlaps with Mr Brown’s, asking for more information about the constituent.
Mr Brown complained to Mr Walker at the DExEU and an investigation was carried out.
In a letter, DExEU permanent secretary Claire Moriarty told the MSP: “We have now completed that investigation and I can confirm that there was an unauthorised disclosure of information by a member of staff.”
She said Mr Graham had been asked to delete the communication from his records.
Mr Brown said: “This is a deeply concerning incident which should never have occurred.
“Constituents raise concerns with their MSPs in complete confidence.
“It is unacceptable for strict data protection rules to be cast aside for political gain – which appears to have been the motivation here.
“While I welcome the findings of the Permanent Secretary to the Brexit department that an unauthorised disclosure did indeed take place, the case raises more questions than it answers.
A DExEU spokesman said: “The department has rigorous processes in place to address issues of this sort, and this was dealt with immediately when it came to light.
“Appropriate action has been taken in line with our security, data protection and disciplinary procedures.”