A Tory MP accidentally announces a ‘chronic security breach’ in her office…over Twitter

Conservative MP
Kerry-anne Mendoza

Conservative MP Nadine Dorries attempted to defend a beleaguered colleague on Twitter. But in doing so, accidentally revealed a chronic security breach in her own office.

Foot-in-mouth disease

Nadine Dorries is a bestselling author, and the Conservative MP for Mid Bedfordshire. On Saturday 2 December, she posted a tweet in a ham-fisted attempt to defend Conservative frontbencher Damian Green. The First Secretary of State risks losing his cabinet position over allegations of watching porn at work.

Attempting to argue someone else may have downloaded the images on Green’s computer, Dorries tweeted:

Start your day with The Canary News Digest

Fresh and fearless; get excellent independent journalism from The Canary, delivered straight to your inbox every morning.

And fellow Conservative MP Nick Boles admitted he does the same thing.

BBC Technology Editor Rory Cellan-Jones and others were quick to point out that this could constitute a breach of data protection laws.

Jim Killock, of the Open Rights campaign group, told the BBC:

On the face of it, Nadine Dorries is admitting to breaching basic data protection laws, making sure her constituents’ emails and correspondence is kept confidential and secure. She should not be sharing her login with interns.

More worryingly, it appears this practice of MPs sharing their logins may be rather widespread. If so, we need to know.

Despite this widespread concern, Dorries chose to hit back at critics rather than change her practices.

The experts say…

On Monday 4 December, the Information Commissioner’s Office (ICO) weighed in on the issue. The ICO warned MPs of their obligations under the Data Protection Act.

According to the ICO:

The Data Protection Act says that:

Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

This is the seventh data protection principle. In practice, it means you must have appropriate security to prevent the personal data you hold being accidentally or deliberately compromised. In particular, you will need to:

  • design and organise your security to fit the nature of the personal data you hold and the harm that may result from a security breach;
  • be clear about who in your organisation is responsible for ensuring information security;
  • make sure you have the right physical and technical security, backed up by robust policies and procedures and reliable, well-trained staff; and
  • be ready to respond to any breach of security swiftly and effectively.

While Dorries may argue that her office is too busy to uphold the Data Protection Act, a hectic schedule is no defence under the law.

Get Involved!

– If you are in the Mid Bedfordshire constituency, you can report your concern to the ICO here.

Featured image via YouTube screengrab/Pixabay

Since you're here ...

We know you don't need a lecture. You wouldn't be here if you didn't care.
Now, more than ever, we need your help to challenge the rightwing press and hold power to account. Please help us survive and thrive.

The Canary Support

Comments are closed