Scottish Court Service in breach of Data Protection Act after disposing of documents in a recycling bank
The Scottish Court Service has been found to be in breach of the Data Protection Act after court documents were accidentally disposed of at a local recycling bank.
According to the Information Commissioner's Office (ICO), it became aware of the breach when a Scottish newspaper published details of the discovery of files containing appeal documents on 25th September 2010.
The files reportedly contained ‘sensitive personal details' and subsequent checks by the ICO found that the papers had been lost by the editor of a series of law reports and that the court service had failed to check how this individual intended to keep the information secure.
Ken Macdonald, assistant commissioner for Scotland at the ICO, said: “People involved in court cases should be able to feel confident that their personal and sensitive information is going to be kept secure and not taken outside of the court room. Had any of the papers in this case fallen into the wrong hands, the privacy of the individuals concerned might have been threatened.
“I am pleased that the Scottish Court Service has agreed to take a more hands-on approach to deal with data sharing in such cases and that staff will be trained appropriately to avoid this from happening in the future.”
The court service has now tightened its procedures around the handling of sensitive information by its staff and other people involved in the court process. The editor of the law reports has also agreed to improve the way in which court documents that include sensitive personal details are handled.
Eleanor Emberson, chief executive of the Scottish Court Service, has signed a formal undertaking to ensure that all staff are aware of the court service's policy for the storage, use and disclosure or sharing of personal data. All staff will be appropriately trained and all parties involved in the sharing of data must sign up to a memorandum of understanding with the service.
The ICO waited almost eight months to issue the first monetary fines in 2010, with a penalty of £100,000 given to Hertfordshire County Council for ‘two serious incidents' regarding mis-sent faxes, while employment services company A4e was fined £60,000 for the loss of an unencrypted laptop that contained personal information relating to 24,000 people who had used community legal advice centres in Hull and Leicester.