«
»

QC has unencrypted laptop stolen and is sanctioned by the ICO

The Information Commissioner’s Office has reported on the case of a Scottish Advocate having an unencrypted laptop stolen.

The laptop was stolen from the home of Ruth Crawford QC in 2009 when she was away on holiday. It contained personal data relating to a number of individuals involved in eight court cases the advocate had been working on. This included some details relating to the physical and mental health of individuals involved in two of the cases. The device has not been recovered; however, most of the information compromised would already have been released as evidence in court papers.

The breach was only reported to the ICO on 30 August 2011 when the last case relating to information held on the laptop was concluded. The ICO’s enquiries found that, whilst Ms Crawford had some physical security measures in place at the time of the theft, she failed to ensure that either the device or the sensitive information stored on it was appropriately encrypted.

The QC has now agreed to put the necessary changes in place to ensure this type of incident does not happen again. This includes locking away any personal information stored at her home and following any future data protection guidance issued by the Faculty of Advocates or her stable.

Ken Macdonald, Assistant Commissioner for Scotland said:

The legal profession holds some of the most sensitive information available. It is therefore vital that adequate security measures are in place to keep information secure.

“As this incident took place before the 6 April 2010 the ICO is unable to serve a financial penalty in this instance. But this case should act as a warning to other legal professionals that their failure to protect personal information is not just about potentially being served with a penalty of up to £500,000 – it could affect their careers too. If confidential information is made public, it could also jeopardise the important work they do in court.

“The ICO would also like to assure the legal profession that any information reported to this office will not be disclosed unless there is specific legal authority for us to do so. Therefore all breaches should be reported to our office as soon as practically possible.” 

.

About these ads

, , , , , ,

This entry was posted on 16/11/2011, 11:51 am and is filed under brian pennington. You can follow any responses to this entry through RSS 2.0. You can leave a response, or trackback from your own site.

  1. #1 by Trademarks on 30/11/2011 - 9:33 pm

    Hey There. I found your blog the usage of msn. That is a very smartly written article. I?ll be sure to bookmark it and return to learn extra of your helpful info. Thanks for the post. I will certainly comeback.

    Reply
  1. Information Commissioner gets tough with the largest fine for the breach of the Data Protection Act « Brian Pennington

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 984 other followers

%d bloggers like this: