A Tory MP accidentally announces a ‘chronic security breach’ in her office…over Twitter

Conservative MP
Kerry-anne Mendoza

Conservative MP Nadine Dorries attempted to defend a beleaguered colleague on Twitter. But in doing so, accidentally revealed a chronic security breach in her own office.

Foot-in-mouth disease

Nadine Dorries is a bestselling author, and the Conservative MP for Mid Bedfordshire. On Saturday 2 December, she posted a tweet in a ham-fisted attempt to defend Conservative frontbencher Damian Green. The First Secretary of State risks losing his cabinet position over allegations of watching porn at work.

Attempting to argue someone else may have downloaded the images on Green’s computer, Dorries tweeted:

And fellow Conservative MP Nick Boles admitted he does the same thing.

BBC Technology Editor Rory Cellan-Jones and others were quick to point out that this could constitute a breach of data protection laws.

Jim Killock, of the Open Rights campaign group, told the BBC:

On the face of it, Nadine Dorries is admitting to breaching basic data protection laws, making sure her constituents’ emails and correspondence is kept confidential and secure. She should not be sharing her login with interns.

More worryingly, it appears this practice of MPs sharing their logins may be rather widespread. If so, we need to know.

Despite this widespread concern, Dorries chose to hit back at critics rather than change her practices.

The experts say…

On Monday 4 December, the Information Commissioner’s Office (ICO) weighed in on the issue. The ICO warned MPs of their obligations under the Data Protection Act.

According to the ICO:

The Data Protection Act says that:

Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

This is the seventh data protection principle. In practice, it means you must have appropriate security to prevent the personal data you hold being accidentally or deliberately compromised. In particular, you will need to:

  • design and organise your security to fit the nature of the personal data you hold and the harm that may result from a security breach;
  • be clear about who in your organisation is responsible for ensuring information security;
  • make sure you have the right physical and technical security, backed up by robust policies and procedures and reliable, well-trained staff; and
  • be ready to respond to any breach of security swiftly and effectively.

While Dorries may argue that her office is too busy to uphold the Data Protection Act, a hectic schedule is no defence under the law.

Get Involved!

– If you are in the Mid Bedfordshire constituency, you can report your concern to the ICO here.

Featured image via YouTube screengrab/Pixabay

We need your help ...

The coronavirus pandemic is changing our world, fast. And we will do all we can to keep bringing you news and analysis throughout. But we are worried about maintaining enough income to pay our staff and minimal overheads.

Now, more than ever, we need a vibrant, independent media that holds the government to account and calls it out when it puts vested economic interests above human lives. We need a media that shows solidarity with the people most affected by the crisis – and one that can help to build a world based on collaboration and compassion.

We have been fighting against an establishment that is trying to shut us down. And like most independent media, we don’t have the deep pockets of investors to call on to bail us out.

Can you help by chipping in a few pounds each month?

The Canary Support us

Comments are closed