The Information Commissioner’s Office has warned politicians to be mindful of data protection law after three MPs admitted to sharing computer passwords with their staff.
The data protection watchdog said in a tweeted statement that it was aware of the reports and “making enquiries of the relevant parliamentary authorities”.
Cyber security experts have warned that the practice could put constituents’ confidential data at risk.
Sharing passwords is not illegal, but the ICO said organisations must take “appropriate technical and organisational measures” to prevent misuse.
Nadine Dorries, MP for mid-Bedfordshire, admitted over the weekend to sharing her computer log-in and passwords with staff so they could answer emails on her behalf.
“For the officer on @BBCNews just now to claim that the computer on Greens desk was accessed and therefore it was Green is utterly preposterous,” she said.
The Conservative MP was seeking to defend First Secretary of State, Damien Green, who is accused of downloading porn to his work computer in 2008, a claim he denies.
Dorries’ was backed up by Nick Boles, MP for Grantham and Stamford, and Will Quince, Colchester’s MP, who both said they had shared passwords with staff.
Less login sharing and more that I leave my machine unlocked so they can use it if needs be. My office manager does know my login though. Ultimately I trust my team.
— Will Quince MP (@willquince) December 3, 2017
Open Rights Group’s executive director, Jim Killock, said he feared the practice may be widespread in Westminster.
“On the face of it, Nadine Dorries is admitting to breaching basic data protection laws, making sure her constituents’ emails and correspondence is kept confidential and secure. She should not be sharing her log in with interns.
“More worryingly, it appears this practices of MPs sharing their log ins may be rather widespread. If so, we need to know.
“We are urging MPs staff and former staff to get in touch with us if they have knowledge about insecure data practices in MPs’ offices. Once we know more, we will consider complaining to the Information Commissioner and Parliamentary authorities.”