Conservative MP Nadine Dorries attempted to defend a beleaguered colleague on Twitter. But in doing so, accidentally revealed a chronic security breach in her own office.
Nadine Dorries is a bestselling author, and the Conservative MP for Mid Bedfordshire. On Saturday 2 December, she posted a tweet in a ham-fisted attempt to defend Conservative frontbencher Damian Green. The First Secretary of State risks losing his cabinet position over allegations of watching porn at work.
Attempting to argue someone else may have downloaded the images on Green’s computer, Dorries tweeted:
My staff log onto my computer on my desk with my login everyday. Including interns on exchange programmes. For the officer on @BBCNews just now to claim that the computer on Greens desk was accessed and therefore it was Green is utterly preposterous !!
— Nadine Dorries (@NadineDorries) December 2, 2017
And fellow Conservative MP Nick Boles admitted he does the same thing.
BBC Technology Editor Rory Cellan-Jones and others were quick to point out that this could constitute a breach of data protection laws.
https://t.co/EkgFycLVAe Here are the data protection rules for HofC staff –
5.8 You MUST NOT:
– share your password.
But that's staff not MPs…
— Rory Cellan-Jones (@ruskin147) December 3, 2017
As above – this would be a sackable offence in any normal organisation, for exactly this reason.
How could you determine the source of a breach if 8 people are using the same login?
Do MPs operate on a different planet?https://t.co/pR6J0zXyQD
— tony nog #FBPE (@tony_nog) December 2, 2017
Jim Killock, of the Open Rights campaign group, told the BBC:
On the face of it, Nadine Dorries is admitting to breaching basic data protection laws, making sure her constituents’ emails and correspondence is kept confidential and secure. She should not be sharing her login with interns.
More worryingly, it appears this practice of MPs sharing their logins may be rather widespread. If so, we need to know.
Despite this widespread concern, Dorries chose to hit back at critics rather than change her practices.
You don’t have a team of 4-6 staff answering the 300 emails you receive every day
— Nadine Dorries (@NadineDorries) December 2, 2017
I’m not the Gov. I’m an MP with a computer in a shared office upon which lives an email account. That’s as exciting as my computer gets
— Nadine Dorries (@NadineDorries) December 3, 2017
The experts say…
On Monday 4 December, the Information Commissioner’s Office (ICO) weighed in on the issue. The ICO warned MPs of their obligations under the Data Protection Act.
We’re aware of reports that MPs share logins and passwords and are making enquiries of the relevant parliamentary authorities. We would remind MPs and others of their obligations under the Data Protection Act to keep personal data secure. https://t.co/FLPeP8M7c8
— ICO (@ICOnews) December 4, 2017
According to the ICO:
The Data Protection Act says that:
Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
This is the seventh data protection principle. In practice, it means you must have appropriate security to prevent the personal data you hold being accidentally or deliberately compromised. In particular, you will need to:
- design and organise your security to fit the nature of the personal data you hold and the harm that may result from a security breach;
- be clear about who in your organisation is responsible for ensuring information security;
- make sure you have the right physical and technical security, backed up by robust policies and procedures and reliable, well-trained staff; and
- be ready to respond to any breach of security swiftly and effectively.
While Dorries may argue that her office is too busy to uphold the Data Protection Act, a hectic schedule is no defence under the law.
– If you are in the Mid Bedfordshire constituency, you can report your concern to the ICO here.
We need your help to keep speaking the truth
Every story that you have come to us with; each injustice you have asked us to investigate; every campaign we have fought; each of your unheard voices we amplified; we do this for you. We are making a difference on your behalf.
Our fight is your fight. You’ve supported our collective struggle every time you gave us a like; and every time you shared our work across social media. Now we need you to support us with a monthly donation.
We have published nearly 2,000 articles and over 50 films in 2021. And we want to do this and more in 2022 but we don’t have enough money to go on at this pace. So, if you value our work and want us to continue then please join us and be part of The Canary family.
In return, you get:
* Advert free reading experience
* Quarterly group video call with the Editor-in-Chief
* Behind the scenes monthly e-newsletter
* 20% discount in our shop
Almost all of our spending goes to the people who make The Canary’s content. So your contribution directly supports our writers and enables us to continue to do what we do: speaking truth, powered by you. We have weathered many attempts to shut us down and silence our vital opposition to an increasingly fascist government and right-wing mainstream media.
With your help we can continue:
* Holding political and state power to account
* Advocating for the people the system marginalises
* Being a media outlet that upholds the highest standards
* Campaigning on the issues others won’t
* Putting your lives central to everything we do
We are a drop of truth in an ocean of deceit. But we can’t do this without your support. So please, can you help us continue the fight?