The UK's data privacy regulator has cautioned MPs about sharing work computer passwords.
It follows tweets by three Conservative Party MPs over the weekend claiming that they had provided their staff with access to their login details.
Sharing passwords is not a breach of the UK's Data Protection Act.
But the law says that "appropriate" security measures concerning personal data must be in place and that those with access must be properly vetted.
"We're aware of reports that MPs share logins and passwords and are making enquiries of the relevant parliamentary authorities," the Information Commissioner's Office said in a tweet of its own.
"We would remind MPs and others of their obligations under the Data Protection Act to keep personal data secure."
It added a link to a guide outlining the types of safety measures that should be enforced.
The issue was raised by Nadine Dorries - the member of parliament for mid-Bedfordshire - who posted on Saturday evening that her team logged into her computer using her login details "everyday".
My staff log onto my computer on my desk with my login everyday. Including interns on exchange programmes. For the officer on @BBCNews just now to claim that the computer on Greens desk was accessed and therefore it was Green is utterly preposterous !!— Nadine Dorries (@NadineDorries) December 2, 2017
She had made the point in order to cast doubt over claims that First Secretary of State Damian Green must have been responsible for viewing pornography allegedly found on his computer. The minister denies the accusation, but has faced calls to resign.
Nick Boles - MP for Grantham and Stamford - followed up saying that he had shared his password with his four members of his staff, so they could deal with letters and emails from constituents.
I certainly do. In fact I often forget my password and have to ask my staff what it is.— Nick Boles MP (@NickBoles) December 3, 2017
And Will Quince - who represents Colchester - said that he had given his login to his office manager, adding that he did not always lock his machine to allow other team members access.
Less login sharing and more that I leave my machine unlocked so they can use it if needs be. My office manager does know my login though. Ultimately I trust my team.— Will Quince MP (@willquince) December 3, 2017
The House of Commons Staff Handbook explicitly states that its employees must not share their passwords, but the rule does not appear to cover logins of the MPs themselves.
Even so, some politicians have stressed that they do keep their details private.
Just for the record I don't share passwords to my parliamentary IT accounts with anyone. Once an auditor, always an auditor. https://t.co/wcfegaF0WA— Peter Grant MP (@PeterGrantMP) December 4, 2017
This is woeful disregard for any kind of data security. Easy to get temp passwords & extra equipment for wk exp/interns. MPs shld know better. https://t.co/SquQjpkqZP— Melanie Onn MP (@OnnMel) December 2, 2017
Security experts have expressed concern about the suggestion that password-sharing is commonplace among MPs and their staff.
Troy Hunt blogged about a variety of alternative ways to share access to emails and other documents without providing full access to a computer's contents.
And the consultant Graham Cluley suggested: "it should worry us all if the very people who are tasked with legislating on internet privacy and security issues are proving to be so utterly clueless".