Once again, MPs have failed to think through the consequences of what they share publicly – both on Twitter and in their parliamentary offices. Three Conservative MPs yesterday took to the social networking platform to unashamedly declare that they either share their work computer with other staff in their offices, or even distribute passwords and login details to those working closely with them.
Whilst this might common practice amongst small businesses in the private sector (although, certainly still not advisable), MPs seem to not understand the importance of holding the information they access to the strictest security protocols. It’s the digital version of leaving important government documents lying on a train seat (which, as we know, has happened).
The MPs in question were coming to the defence of the First Secretary of State, Damian Green, whom in recent days has come under fire for allegedly accessing thousands of images of legal pornography on his work laptop. Ex-police officers have come forward stating that because of the behaviour monitoring that was carried out on the laptop’s user history, they are certain that the First Secretary of State was responsible for viewing the images.
There have been numerous calls for Green to be sacked following the allegations.
However, three MPs took it upon themselves to defend Green on Twitter, claiming that they share their laptops and login details with their office staff, and as such, if Green had presumably done this too, anyone could have been accessing the pornography.
Nadine Dorries, MP for mid-Bedfordshire, said:
My staff log onto my computer on my desk with my login everyday. Including interns on exchange programmes. For the officer on @BBCNews just now to claim that the computer on Greens desk was accessed and therefore it was Green is utterly preposterous !!
— Nadine Dorries (@NadineDorries) December 2, 2017
Whilst Nick Boles, MP for Grantham, Stamford, Bourne, tweeted in support:
I certainly do. In fact I often forget my password and have to ask my staff what it is.
— Nick Boles MP (@NickBoles) December 3, 2017
Equally, Will Quince, MP for Colchester added:
They have their own machines but I am in and out of the office like a yo yo all day which is a fair treck from the House of Commons chamber. Its less sharing logins and more that I don’t always lock my machine. An MP’s office is like a small business, you have to trust your team.
— Will Quince MP (@willquince) December 3, 2017
As one would imagine, the information MPs access is likely to be highly sensitive and the data held on an MP’s laptop should be subject to the strictest security protocols. Upon seeing that the MPs in question are not following what should be common sense procedures, the UK’s data regulator, the Information Commissioner’s Office, warned that it was looking into the matter.
On Twitter it said that it was making enquiries with the relevant parliamentary authorities and referred MPs to its guidance of what is appropriate under the Data Protection Act.
We’re aware of reports that MPs share logins and passwords and are making enquiries of the relevant parliamentary authorities. We would remind MPs and others of their obligations under the Data Protection Act to keep personal data secure. https://t.co/FLPeP8M7c8
— ICO (@ICOnews) December 4, 2017
The ICO’s website specifically states:
Only allow your staff access to the information they need to do their job and don’t let them share passwords.
As one of my colleagues pointed out, the MPs in question are following practices that are quite commonplace amongst small businesses (although probably shouldn’t be, given that data protection is fundamental to any successful business that doesn’t want to be subject to public breaches). However, this isn’t small business – this is parliament and government business. MPs should know better.
Image credit - Image free for commercial use