25 November 2010Print This Post

A4e receives landmark £60k fine for losing legal clients’ personal data

Security: lack of encryption warranted penalty

A company that runs two law centres has become one of the first two organisations ever to be fined for data protection breaches, after personal details of 24,000 clients were lost when an unencrypted laptop was stolen.

A4e, a ‘social purpose’ company that jointly manages the Hull and Leicester community legal advice centres, was fined £60,000 by the Information Commissioner. The reason given was that access to the data, which was stolen in June, could have caused “substantial distress” and reasonable steps were not taken to prevent its loss.

The laptop had been issued to an employee so that they could work at home. It contained sensitive personal information when it was stolen from the employee’s house. An unsuccessful attempt to access the data was made shortly after the theft.

A4e manages the two centres in partnership with Howells Solicitors. Each is funded jointly by the local authority and Legal Services Commission. There is no suggestion that the law firm was involved in the breach.

Since April 2010 the commissioner has had powers to issue monetary penalties of up to £500,000 for serious breaches of the Data Protection Act.

Christopher Graham, the Information Commissioner, said the penalties sent out a strong message to all organisations handling personal information: “The laptop theft… warranted nothing less than a monetary penalty as thousands of people’s privacy was potentially compromised by the company’s failure to take the simple step of encrypting the data.”

A4e’s newly-appointed chief executive, Andrew Dutton, said it was the first such incident suffered by the company and pointed out that it had made a voluntary report to the commissioner when the theft occurred. No customer had reported any financial or other loss.

He added: “This incident occurred as a result of a breach of our security procedures. It also came at time when A4e was rolling out a new, robust, company-wide set of security controls and procedures.”

Bookmark and Share

Tags:

Leave a comment

We encourage you to be part of the Legal Futures community but please note that all comments will be moderated before posting. We draw your attention to clause 5 of the Terms and Conditions of the site, which deals with user-generated content.




Legal Futures Blog

Run that past me one more time

Stobart importing

If ever there was a “what the…?” moment since setting up Legal Futures, it was the news that the Stobart Group is entering the legal services market. The story launched many an attempt at humour on Twitter, but I will gladly put them to one side. One can see some challenges for this venture, not least that while Eddie Stobart is a well-known brand, especially among motorway travellers, it is not known for delivering any services, let alone professional ones, to consumers.

May 18th, 2012
Read More Blogs >>

Associate News

Read More Associate News >>
Become an Associate >>