THOUSANDS of people have had their data leaked by Alex Salmond’s new party just hours after it launched – which could cost them as much as £17 million.

The Herald on Sunday can reveal that the names of more than 4,000 people who have signed up to attend Alba Party events were visible to the public due to a fault in the party’s website. 
Among them appear to be members of the SNP’s ruling body. 

It comes after Kenny MacAskill, the MP for East Lothian and former Scottish justice minister, and MP Neale Hanvey defected from the nationalists to join Salmond’s party yesterday prompting fears they may be the first of other high-profile members to switch their allegiance.  

READ MORE: Alex Salmond: Alba stands as a party to boost pro-independence MSPs - but it may cost SNP majority

All political parties have a strict obligation to protect the data they obtain, with the blunder constituting a potentially serious breach which could see Salmond’s party slapped with a fine of up to £17m by the Information Commissioner. 

Until The Herald on Sunday highlighted the flaw to Alba yesterday, 4,325 people’s names were publicly visible on the site due to the way in which it registers attendees.

Anyone who registers is given a “recruiter ID” which allows them to share links to events with others they think may like to attend.

However, the IDs assigned are in sequential order, and simply changing this number on any link to an online event provides the name of the person who has signed up whose name corresponds with that ID. Their name is listed as a “referrer” on the page.

Not only is the error embarrassing for Salmond’s new party, but could also have ramifications across the SNP as it appears that members, or those with their names, have signed up for Alba events.

Data obtained by The Herald on Sunday shows that at least eight members of the SNP’s ruling body, the National Executive Committee (NEC) and its sub-committees appear to have registered for Alba events.

The names of SNP NEC members Caroline McAllister, Lynn Anderson and Brian Lawson feature under the IDs 1129, 1466 and 1019 respectively. 

Ellen McMaster, who is a member of the SNP’s Member Conduct Committee responsible for disciplining members, appears to have signed up and has an ID of 577. Other SNP national committee members whose names feature include Katherine Sanders, Dalia Henry, Joan Hutcheson and Margaret Lynch. 

The SNP’s code of conduct does not rule out attending events of other political parties, but states: “Every member owes a duty to the Party to refrain from conduct likely to cause damage to or hinder the Party’s proper pursuit of its aims.”  

The fault is the latest in a series of bungles which could see the party’s launch go down as one of the most error-ridden in recent times.

On Friday, Mr Salmond appeared on a live broadcast stream to launch the new party. However, sections of the YouTube feed were in silence, initially showing the Alba Party leader smiling and shuffling at a lectern apparently unaware he was being broadcast. 

READ MORE: Alex Salmond: Nicola Sturgeon is best First Minister candidate

Questions from members of the media were unable to be heard by those viewing for the first hour of the two-hour long episode, and the pro-independence party’s website also spelled “independence” incorrectly on one of its event pages, before it was eventually changed to the proper spelling on Friday evening. 

A press release announcing Corri Wilson as a candidate spelled her own name incorrectly yesterday.  

In 2019, Mr Salmond complained to the ICO about his own data being breached by the Scottish Government – a claim which was later dismissed by the watchdog and Holyrood officials.

The former first minister reported the Scottish Government after details of sexual harassment allegations against him appeared in the media.

The watchdog said it found “no evidence” that Scottish Government staff had leaked information about Mr Salmond’s sexual misconduct probe but did say it had flagged “concerns” about the Government’s data protection practices. 

Scottish Labour deputy leader Jackie Baillie urged the ICO to investigate the breach. She said: “This appears at first glance to be a very serious breach of data protection law, and I would call on the Information Commissioner to investigate this quickly. 

“What is more troubling, but not surprising, is the reported overlap of senior members of the SNP and Alex Salmond’s supposedly new party. 

“From botched Zoom calls to leaky websites, the only thing more disastrous than Alex Salmond’s launch is the divisive vision for Scotland he shares with Nicola Sturgeon.

“The truth is Scotland deserves better – and that is why Scottish Labour will focus on delivering a national recovery plan so we can build a fairer and stronger Scotland together.”

The Alba Party was asked by The Herald on Sunday if it was planning to refer the breach to the ICO, what it will say to the thousands of people who have had their data compromised, and if it had rushed through the setting up of the website without carrying out the appropriate safety checks and complying with data protection legislation.

It did not respond when contacted for comment, but appeared to fix the bug several hours after this newspaper alerted it to the flaw.

READ MORE: ​Neale Hanvey MP quits SNP to join Alex Salmond's Alba Party

When asked if the SNP was planning to investigate those members who appeared to have signed up for Alba Party events, or if it was permitted for members to attend rival party’s campaigns, a spokesman said he would be making no comment. 

The Information Commissioner [ICO] said: “As a public body the ICO has to consider its responsibilities during the pre-election period. 

“Our regulatory work continues as usual but we will not be commenting publicly on every issue raised during the Parliament election.

“We will, however, be closely monitoring how personal data is being used during political campaigning and making sure that all parties and campaigns are aware of their responsibilities under data protection and direct marketing laws.”