Nadine Dorries, an MP Who Votes on Legislation, Doesn't Understand The Importance Of Data Security

By Tom Pritchard on at

There are times when I wonder whether or not anyone in Parliament actually understands how computers work. Then I get an image of a faceless MP typing away at a keyboard with a single finger, in a baffling scene that wouldn't even make it into an episode of The Thick of It.

I say this because Nadine Dorries, a Conservative back bencher who only ever seem to be in the news because she's been talking shit, has publicly revealed that she doesn't adhere to even the most basic principles of data security.

But not only does she give every member of staff access to her account, she admitted she doesn't always remember what her password is.

In case you don't understand the context here, she's talking about Damian Green, who has been accused of downloading porn to his government computer. A non story, really, since it happened eight years ago and as far as we know it wasn't illegal porn. Poor work ethic sure, but hardly a big deal.

Dorries claims that because she gives out her password to all her staff, we can't be sure that it was actually Green who downloaded the porn. You could argue that's a fair point, but that's not the issue here. I saw someone point out on Twitter ( I can't find that tweet now), giving staff access if they need it is fine, but it should be accessible behind their own logins for the sake of accountability. If someone does something they shouldn't from Dorries' account, she's responsible - if only because she gave them access to do it.

Doris herself claimed that because she isn't important enough to have sensitive information, and she needed her staff to answer emails from constituents, she needs to give them access. Despite being aware of a little thing called delegate access.

But the consensus on Twitter is that this is quite a widespread issue, despite the fact that sharing passwords like this is a breach of Parliamentary IT policies.

In response to the alleged and continuing breach in data security, Jim Killock of the Open Rights Group had some stern words for Dorries and other MPs like her:

“On the face of it, Nadine Dorries is admitting to breaching basic data protection laws, making sure her constituents’ emails and correspondence is kept confidential and secure. She should not be sharing her log in with interns.

More worryingly, it appears this practices of MPs sharing their log ins may be rather widespread. If so, we need to know.

We are urging MPs staff and former staff to get in touch with us if they have knowledge about insecure data practices in MPs’ offices. Once we know more, we will consider complaining to the Information Commissioner and Parliamentary authorities.”

Maybe access to Nadine Dorris's email isn't going to cause huge problems, but one MP openly flaunting basic data security is not a good thing. The fact that it seems to be a widespread problem is horrifying. Is it worse than keeping your password on a post-it note attached to your monitor? Debatable, but it's certainly no better.

Update: The Information Commissioner's Office has had to point out that MPs shouldn't be sharing passwords, since they have obligations to keep personal data secure under the Data Protection Act.

It's not a crime to share passwords like this, but that's doesn't mean it's a good thing. There are no laws against taking selfies with the coffin at a funeral, but that doesn't mean you should be doing it.