Lawyers warned over security after QC is found to have breached data protection laws

Print This Post

By Legal Futures

16 November 2011


Security: case highlights importance of encryption

Lawyers have been warned over their duty to protect personal information, after a barrister was found to have breached the Data Protection Act for failing to encrypt a laptop containing sensitive personal data which was later stolen.

The Information Commissioner’s Office (ICO) today released details of an undertaking by Scottish advocate Ruth Crawford to introduce new security measures to ensure this type of incident does not happen again.

The laptop was stolen from her home in 2009 when she was away on holiday. It contained personal data relating to a number of individuals involved in eight court cases. This included some details relating to the physical and mental health of individuals involved in two of the cases. The device has not been recovered; however, most of the information compromised would already have been released as evidence in court papers.

The breach was only reported to the ICO on 30 August 2011 when the last case relating to information held on the laptop was concluded. The ICO’s enquiries found that, whilst Ms Crawford had some physical security measures in place at the time of the theft, she failed to ensure that either the device or the sensitive information stored on it was appropriately encrypted.

The undertaking – provided in consideration of the ICO not issuing an enforcement notice – includes locking away any personal information stored at her home and following any future data protection guidance issued by the Faculty of Advocates or her stable.

Ken Macdonald, assistant commissioner forScotland, said: “The legal profession holds some of the most sensitive information available. It is therefore vital that adequate security measures are in place to keep information secure.

“As this incident took place before the 6 April 2010 the ICO is unable to serve a financial penalty in this instance. But this case should act as a warning to other legal professionals that their failure to protect personal information is not just about potentially being served with a penalty of up to £500,000 – it could affect their careers too. If confidential information is made public, it could also jeopardise the important work they do in court.

“The ICO would also like to assure the legal profession that any information reported to this office will not be disclosed unless there is specific legal authority for us to do so. Therefore all breaches should be reported to our office as soon as practically possible.”

Tags:



Leave a comment

* Denotes required field

All comments will be moderated before posting. Please see our Terms and Conditions

Legal Futures Blog

Joint (ad)ventures in the legal sector

Nigel Wallis lo res

We all know that nothing in life is certain. As the actor, director and philosopher Clint Eastwood once said: “If you want a guarantee, buy a toaster.” He also said he’d tried being reasonable and didn’t like it. They should teach this kind of philosophy in law school. One thing in life is reasonably certain though. If you’re a law firm worth your salt, at some point you will be approached by another entity (most probably a work introducer) with a whizzy idea to ‘partner’ with you to ‘help you accelerate your growth’. In commercial speak this means, ‘we’d like to keep feeding you work but we’d also like to share in your profits’. The arrangement may be pitched to you as a joint venture – a win-win no less.

March 27th, 2017