A laptop belonging to a Scottish QC was stolen from her home.
Ruth Crawford QC had the unencrypted laptop stolen in 2009 when she was on holiday, according to the Information Commissioner's Office (ICO). It claimed that the laptop contained personal data relating to a number of individuals involved in eight court cases that Crawford had been working on, including some details relating to the physical and mental health of individuals involved in two of the cases.
The breach was reported to the ICO on 30 August 2011 when the last case relating to information held on the laptop was concluded. The ICO's enquiries found that while Crawford had some physical security measures in place at the time of the theft, she failed to ensure that either the device or the sensitive information stored on it was appropriately encrypted.
Ken Macdonald, assistant commissioner for Scotland, said: “The legal profession holds some of the most sensitive information available. It is therefore vital that adequate security measures are in place to keep information secure.
“As this incident took place before the 6 April 2010, the ICO is unable to serve a financial penalty in this instance. But this case should act as a warning to other legal professionals that their failure to protect personal information is not just about potentially being served with a penalty of up to £500,000, it could affect their careers too. If confidential information is made public, it could also jeopardise the important work they do in court.
“The ICO would also like to assure the legal profession that any information reported to this office will not be disclosed unless there is specific legal authority for us to do so. Therefore all breaches should be reported to our office as soon as practically possible.”
Edy Almer, V-P of marketing and business development at Safend, a Wave Systems company, said: “While most, if not all organisations should have had encryption in place by now, individuals who are independent or not covered by their organisation can still take the initiative and use self-encrypted drives that require no knowledge to install. The cost of the drive is negligible compared with the hassle, cost and embarrassment after such an easily prevented loss.”