This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Scottish Court Service in breach of Data Protection Act after disposing of documents in a recycling bank

Share this article:

The Scottish Court Service has been found to be in breach of the Data Protection Act after court documents were accidentally disposed of at a local recycling bank.

According to the Information Commissioner's Office (ICO), it became aware of the breach when a Scottish newspaper published details of the discovery of files containing appeal documents on 25th September 2010.

The files reportedly contained ‘sensitive personal details' and subsequent checks by the ICO found that the papers had been lost by the editor of a series of law reports and that the court service had failed to check how this individual intended to keep the information secure. 

Ken Macdonald, assistant commissioner for Scotland at the ICO, said: “People involved in court cases should be able to feel confident that their personal and sensitive information is going to be kept secure and not taken outside of the court room. Had any of the papers in this case fallen into the wrong hands, the privacy of the individuals concerned might have been threatened.

“I am pleased that the Scottish Court Service has agreed to take a more hands-on approach to deal with data sharing in such cases and that staff will be trained appropriately to avoid this from happening in the future.”

The court service has now tightened its procedures around the handling of sensitive information by its staff and other people involved in the court process. The editor of the law reports has also agreed to improve the way in which court documents that include sensitive personal details are handled.

Eleanor Emberson, chief executive of the Scottish Court Service, has signed a formal undertaking to ensure that all staff are aware of the court service's policy for the storage, use and disclosure or sharing of personal data. All staff will be appropriately trained and all parties involved in the sharing of data must sign up to a memorandum of understanding with the service.

The ICO waited almost eight months to issue the first monetary fines in 2010, with a penalty of £100,000 given to Hertfordshire County Council for ‘two serious incidents' regarding mis-sent faxes, while employment services company A4e was fined £60,000 for the loss of an unencrypted laptop that contained personal information relating to 24,000 people who had used community legal advice centres in Hull and Leicester.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

WorldPay hacker sentenced to 11 years for role in £6 million scheme

WorldPay hacker sentenced to 11 years for role ...

An Estonian man, who helped hack payment processor RBS WorldPay in 2008, has now been sentenced to 11 years in prison for his involvement in the £5.9 (US$ 9.4 million) ...

'Sophisticated' Chinese hackers launched attacks against 43,000 computer systems

'Sophisticated' Chinese hackers launched attacks against 43,000 computer ...

A new report reveals that a Chinese cyber-espionage group is closely affiliated with government and carried out attacks against the likes of Fortune 500 companies and government agencies.

Hackers smuggle out stolen data disguised as videos

Hackers smuggle out stolen data disguised as videos

Around a dozen organisations, including at least one financial sector company, have been hit by a new form of hacking where attackers hide stolen corporate data inside video files that ...