Trio of Conservative politicians reminded of their data-protection obligations after revealing that they share login details with others
The Information Commissioner’s Office has warned MPs to ensure they fulfil their legal data-protection obligations and announced that it is “making enquiries” into admissions from several politicians that they share their computer logins with their staff.
On Saturday, Nadine Dorries spoke out in relation to allegations that pornography was accessed via the work computer of her fellow Conservative MP Damian Green. She claimed that, even if – as has been alleged by former Metropolitan Police detective Neil Lewis – the machine was logged in under Green’s details at the time, it cannot necessarily be inferred from this that it was Green himself who accessed the pornography.
She tweeted: “My staff log onto my computer on my desk with my login every day. Including interns on exchange programmes. For the officer… to claim that the computer on Green’s desk was accessed, and therefore it was Green, is utterly preposterous!”
Related content
- MPs call for more investigatory powers for ICO
- Public sector ‘cannot rely on consent as a legal basis’ for GDPR compliance, warns ICO
- ICO stresses importance of data protection post-Brexit
Two other Conservative MPs – Nick Boles and Will Quince – have since both also admitted on Twitter that staff working for them know their computer login details and, in some cases, use their machine without their prior knowledge.
These admissions did not go unnoticed by the ICO, which responded with a tweet of its own, indicating that it is looking into the matter, and stressing to MPs the importance of data security.
“We’re aware of reports that MPs share logins and passwords and are making enquiries of the relevant parliamentary authorities,” it said. “We would remind MPs and others of their obligations under the Data Protection Act to keep personal data secure.”
The ICO’s tweet included a link to a page on its website offering advice on information security – the seventh principle of the existing Data Protection Act legislation.
