Member of Parliament Nadine Dorries has sparked widespread concern after claiming it was common practice for MPs to share computer log-in details with staff and interns.

This is an incredibly irresponsible example of poor cyber security, information security awareness and overall lack of accountability this generates. One of the most basic security mistakes out there is sharing account credentials. It should also be noted, this is one of the MPs who is trying to ban or limit encryption.

Parliamentary ICT (PICT) Security Policy specifically states on the matter:

Additional sections repeatedly make clear that passwords must not be shared.

Jim Killock, of the Open Rights campaign group, said:

“On the face of it, Nadine Dorries is admitting to breaching basic data protection laws, making sure her constituents’ emails and correspondence is kept confidential and secure. She should not be sharing her log-in with interns.

“More worryingly, it appears this practice of MPs sharing their log-ins may be rather widespread. If so, we need to know.”

The Information Commissioners Office said:

“We’re aware of reports that MPs share logins and passwords and are making enquiries of the relevant parliamentary authorities. In the meantime, we would remind MPs and others of their obligations under the Data Protection Act to keep personal data secure.”

Raj Samani, chief scientist at McAfee said in an interview with the Telegraph today:

“The news that MPs regularly share their passwords with members of their staff is an example of the dangers caused by the mentality that ‘it won’t happen to me’, or ‘it won’t happen to me again. In this case, the need for teams to easily and quickly access email, social media, or other information has clearly become more of a priority than securing data.

The House of Commons needs to take steps to ensure that MPs are appropriately educated on the dangers of sharing their passwords. It is clear that better cyber education policy is needed in government.”

It’s disturbing how careless MPs of all stripes are so careless about basic cyber security, especially as 2017 has seen cyber attack wreak havoc with public sector systems such as the NHS.


  1. These are the same people who are arrogant enough to tell me and you that they know best and are far more intelligent, but cant remember their passwords.

    As far as I am concerned they should be forced to step down if they have breached the Data Protection Act. This is just ridiculous…


Please enter your comment!
Please enter your name here