In the light of the recent Data Protection scandals involving Personal Data, including Sensitive Personal Data, exposed by Members of Parliament or their staff, when handling or disposing of copies of supposedly confidential, privileged, Constituency Correspondence, we have been prompted to set out a Model Letter for Spy Blog readers and others, to use to obtain some reassurance from their own Members of Parliament at Westminster.
Even if they fail to answer all of the sections to your satisfaction, such letters might prompt Members of Parliament and other elected representatives to improve the privacy and security of our correspondence with them.
Without an adequate assurance of such privacy and confidentiality, there really is no point in contacting a Member of Parliament, especially if the issues you are trying to discuss with them actually involve potential snoopers such as government officials or the tabloid media etc.
You can also send such a letter to your other Elected Representatives e.g. your Local Councillors, Members of the European Parliament, Members of the Scottish Parliament, the Welsh Assembly, the Northern Irish Assembly or the London Assembly etc.
Dear [Member of Parliament]
I am writing to you as one of your Constituents.
There have been a couple of recent scandals, regarding the inept handling of Sensitive Personal Data included within supposedly privileged Constituency correspondence by two Government Ministers, Oliver Letwin (in St. James's Park) and Vince Cable (at his Constituency office):
Please fill in this short survey, about the commonplace, very basic, Data Protection measures, which you need to be taking, in order to comply with the Data Protection Act 1998. These precautions are routinely taken even by small businesses and voluntary sector organisations, without the benefit of taxpayer funded office allowances.
Unless you can reassure your Constituents and the wider General Public, that you do actually pay more than lip service to the almost universal claim that MPs take the privacy of the privileged correspondence with their constituents "seriously", you will turn even more people off mainstream democratic politics and into the arms of extremists.
I would greatly appreciate some reassurance about your Data Protection arrangements for handling my Constituency Correspondence with you, my elected Member of Parliament.
Please fill out the applicable Questions below.
Please mark the sections which apply to your and your staff's handling of Constituency Correspondence within the square brackets:
What is your Registration Number on the Register of Data Controllers under the Data Protection Act 1998: [................]
How many of your paid staff could have access to Constituency Correspondence ? [...]
How many unpaid volunteers or interns could have access to Constituency Correspondence ? [...]
Do you receive and / or store originals or copies of Constituency Correspondence at:
Constituency Office [...]
Main Private Home [...]
Second Private Home [...]
nth Private Home [...]
Ministerial Office [...]
Palace of Westminster Office [...]
Portcullis House Office [...]
Norman Shaw Buildings Office [...]
Other Offices [...]
On Public Transport [...]
In Cars [...]
Secure Disposal of Paper Printouts or Photocopies of electronic documents or emails or written or typed Constituency Correspondence:
Do you and your staff have access to a Cross Cut paper shredder at each of your Constituency Correspondence handling locations ? [...]
How is the shredded paper disposed of ?
Do you use any Secure Shredding / Disposal service which collects:
a) unshredded paper documents [...]
b) shredded paper documents [...]
c) floppy disk, CD, DVD, USB [...]
Are the plastic bags full of Confidential Waste collected from within the building ? [...]
Or are they left outside for collection ? [...]
Do you simply rely on the normal Local Council Refuse Collection i.e. left outside the building ? [...]
Do you rely on your staff to dispose of Confidential Waste away from your offices ? [...]
Do you protect Constituency Correspondence held electronically with:
Full Disk Encryption [...]
Encrypted Data Volumes or Folders [...]
Do you publish a PGP Public Encryption Key, for use by whistleblowers and confidential informants ? [...]
If so, what is its PGP ID: [................]
Electronic documents and email correspondence etc.
Do you or your staff access your Constituency Correspondence electronic mail through a Web Mail account e.g. gmail or hotmail or yahoo etc.? [...]
Do you use your Web Mail via an encrypted session i.e. https:// ? [...]
Does the Web Contact form on your constituency website operate via an encrypted https:// session using a Digital Certificate ? [...]
Do you store Constituency Correspondence on:
Office file servers [...]
Desktop computers [...]
Laptop computers [...]
Smart Phones [...]
Removable Computer Media
Do you store Constituency Correspondence on:
External USB disk drives [...]
USB flash memory sticks [...]
SD card or MMC etc. flash memory for digital cameras or mobile phones [...]
Floppy disk [...]
Blu-ray [...]
Virtual Private Networking
Do you or your staff have remote access from home etc. to your office computers ? [...]
Do you use dedicated encrypted Virtual Private Network software / hardware ? [...]
Do you make use of third party web based VPN or remote access services e.g. Logmein, GoToMyPC etc ? [...]
WiFi wireless networking is convenient, but it can allow people who are physically outside your premises to access your internal computer systems:
Do your Internet Routers also act as WiFi Access Points ? [...]
Is your WiFi network currently set to use Encryption ? [...]
Is the WiFi encryption AES Pre Shared Key / PSK2 (the only WiFi encryption option which cannot now be broken in near real time by hackers or snoopers)? [...]
Secure Disposal of old office / computer equipment
There is a temptation to be "green" and to attempt to recycle old electronic equipment, which sometimes should instead be physically destroyed, if it contains sensitive data:
Is any data on old computers securely deleted, before they are handed over for recycling or Waste Electrical and Electronic Equipment (WEEE) disposal ? [...]
Are heavy duty Scanner / Photocopier / Printers with internal hard disks securely wiped when they are disposed of or when they are replaced under leasing arrangements ? [...]
Are emails or SMS text messages, Diary entries and Address Book Contacts securely wiped from mobile phones, smart phones, or tablets, when these are replaced ? [...]
This is Privileged electronic correspondence between a Constituent and his Member of Parliament.
Interception of this electronic communication without a warrant signed by a Secretary of State is a criminal offence with a penalty of up to 2 years in prison, under the Regulation of Investigatory Powers Act 2000.
No such warrant can be granted because of the "Wilson Doctrine" ordered by then Prime Minister Harold Wilson, and re-affirmed by every Prime Minister since then c.f. Commons Hansard Oral Answers, 17th November 1966, Column 634.