The UK’s data privacy regulator has cautioned MPs about sharing work computer passwords.
It follows tweets by three Conservative Party MPs over the weekend claiming that they had provided their staff with access to their login details.
Sharing passwords is not a breach of the UK’s Data Protection Act.
But the law says that “appropriate” security measures concerning personal data must be in place and that those with access must be properly vetted.
“We’re aware of reports that MPs share logins and passwords and are making enquiries of the relevant parliamentary authorities,” the Information Commissioner’s Office said in a tweet of its own.
“We would remind MPs and others of their obligations under the Data Protection Act to keep personal data secure.”
It added a link to a guide outlining the types of safety measures that should be enforced.
The issue was raised by Nadine Dorries – the member of parliament for Mid Bedfordshire – who posted on Saturday evening that her team logged into her computer using her login details “everyday”.
She had made the point in order to cast doubt on claims that First Secretary of State Damian Green must have been responsible for viewing pornography allegedly found on his computer. The minister denies the accusation, but has faced calls to resign.
Nick Boles – MP for Grantham and Stamford – followed up, saying that he had shared his password with four members of his staff so they could deal with letters and emails from constituents.
And Will Quince – who represents Colchester – said that he had given his login to his office manager, adding that he did not always lock his machine, so that other team members could access it.
The House of Commons Staff Handbook explicitly states that its employees must not share their passwords, but the rule does not appear to cover logins of the MPs themselves.
Even so, some politicians have stressed that they do keep their details private.
Security experts have expressed concern about the suggestion that password-sharing is commonplace among MPs and their staff.
Troy Hunt blogged about a variety of alternative ways to share access to emails and other documents without providing full access to a computer’s contents.
And the consultant Graham Cluley suggested: “it should worry us all if the very people who are tasked with legislating on internet privacy and security issues are proving to be so utterly clueless”.