The data protection watchdog has said MPs who share login and password details on government computers could be breaking the law and it is investigating MPs' sharing of computers with interns.
The Information Commissioner’s Office (ICO) said it was 'aware of reports that MPs share logins and passwords and are making enquiries of the relevant parliamentary authorities,' and also reminded 'MPs and others of their obligations under the Data Protection Act to keep personal data secure.'
MP defends 'shared password' tweet
The watchdog’s intervention came in response to Conservative MP Nadine Dorries defending her cybersecurity arrangements after revealing at the weekend that she shares her passwords with all her staff.
Ms Dorries' admission was made as she came to the defence of first secretary of state Damian Green. A Cabinet Office inquiry is examining allegations that pornography was found on a computer in Mr Green's parliamentary office. Ms Dorries was questioning a retired police officer's suggestion that only Mr Green could have been responsible for the material which was found on his computer.
Ms Dorries tweeted: 'My staff log onto my computer on my desk with my login every day. Including interns on exchange programmes . . . [a] claim that the computer on Green's desk was accessed and therefore it was Green is utterly preposterous.'
House of Commons urged to tighten cyber policy
Open Rights Group, a campaign organisation, said: 'Nadine Dorries is admitting to breaching basic data protection laws . . . She should not be sharing her login with interns … More worryingly, it appears this practice of MPs sharing their logins may be rather widespread.'
Raj Samani, chief scientist at computer security software company McAfee, said: 'The news that MPs regularly share their passwords with members of their staff is an example of the dangers caused by the mentality that "it won’t happen to me," or "it won’t happen to me again" … The House of Commons needs to take steps to ensure that MPs are appropriately educated on the dangers of sharing their passwords. It is clear that better cyber education policy is needed in government.'
The Information Commissioner’s Office said MPs who shared passwords were potentially breaching data protection regulations which are in place to protect digital information.
The ICO noted its data protection principle of security, which says that those holding personal data should have ‘the right physical and technical security, backed up by robust policies and procedures and reliable, well-trained staff.’