MPs ‘widely and routinely’ breaching data protection and cyber security policies

Member of Parliament Nadine Dorries has sparked widespread concern after claiming it was common practice for MPs to share computer log-in details with staff and interns.

This is an incredibly irresponsible example of poor cyber security, information security awareness and overall lack of accountability this generates. One of the most basic security mistakes out there is sharing account credentials. It should also be noted, this is one of the MPs who is trying to ban or limit encryption.

Parliamentary ICT (PICT) Security Policy specifically states on the matter:

Additional sections repeatedly make clear that passwords must not be shared.

My staff log onto my computer on my desk with my login everyday. Including interns on exchange programmes. For the officer on @BBCNews just now to claim that the computer on Greens desk was accessed and therefore it was Green is utterly preposterous !!

— Nadine Dorries (@NadineDorries) December 2, 2017

Jim Killock, of the Open Rights campaign group, said:

“On the face of it, Nadine Dorries is admitting to breaching basic data protection laws, making sure her constituents’ emails and correspondence is kept confidential and secure. She should not be sharing her log-in with interns.

“More worryingly, it appears this practice of MPs sharing their log-ins may be rather widespread. If so, we need to know.”

I certainly do. In fact I often forget my password and have to ask my staff what it is.

— Nick Boles MP (@NickBoles) December 3, 2017

The Information Commissioners Office said:

“We’re aware of reports that MPs share logins and passwords and are making enquiries of the relevant parliamentary authorities. In the meantime, we would remind MPs and others of their obligations under the Data Protection Act to keep personal data secure.”

We’re aware of reports that MPs share logins and passwords and are making enquiries of the relevant parliamentary authorities. We would remind MPs and others of their obligations under the Data Protection Act to keep personal data secure. https://t.co/FLPeP8M7c8

— ICO (@ICOnews) December 4, 2017

Raj Samani, chief scientist at McAfee said in an interview with the Telegraph today:

“The news that MPs regularly share their passwords with members of their staff is an example of the dangers caused by the mentality that ‘it won’t happen to me’, or ‘it won’t happen to me again. In this case, the need for teams to easily and quickly access email, social media, or other information has clearly become more of a priority than securing data.

The House of Commons needs to take steps to ensure that MPs are appropriately educated on the dangers of sharing their passwords. It is clear that better cyber education policy is needed in government.”

They need their own logins for traceability, data protection, security & more. The set up you describe is a shambles that you should be ashamed of and must fix ASAP

— FXFollower (@FollowingFX) December 2, 2017

It’s disturbing how careless MPs of all stripes are so careless about basic cyber security, especially as 2017 has seen cyber attack wreak havoc with public sector systems such as the NHS.