Local authority alert sees family barrister fined over data security failings

A senior family law and Court of Protection barrister has been fined £1,000 by the Information Commissioner's Office for failing to keep clients’ sensitive personal information secure.

The monetary penalty was imposed after a local authority solicitor informed her chambers in January 2016 that documents containing confidential and sensitive information could be accessed on the internet.

According to the ICO, information belonging to up to 250 people, including vulnerable adults and children, was uploaded to the internet when the barrister’s husband updated software on the couple’s home computer.

The ICO said 725 unencrypted documents, which were created by the barrister and stored on the computer, were temporarily uploaded to an internet directory as a back up during the software upgrade.

The documents were visible to an internet search engine and some of the documents could be easily accessed through a simple search, the ICO added.

Six of 15 files that were cached and indexed contained confidential and highly sensitive information relating to people who were involved in proceedings in the Court of Protection and the Family Court.

The husband immediately removed the files from the online directory. The internet service provider removed the cached information from the internet the following day.

The ICO concluded that the barrister did not have in place appropriate technical measures for ensuring so far as possible that such an incident would not occur, i.e. for ensuring that her files could not be accessed by unauthorised third parties. In particular she did not encrypt the files.

The watchdog acknowledged that the barrister had been fully co-operative with the ICO and had taken remedial action.

Steve Eckersley, Head of Enforcement at the ICO, said: “People put their trust in lawyers to look after their data - that trust is hard won and easily lost.

“This barrister, for no good reason, overlooked her responsibility to protect her clients’ confidential and highly sensitive information. It is hard to imagine the distress this could have caused to the people involved – even if the worst never happened, this barrister exposed her clients to unnecessary worry and upset.”

The monetary penalty notice can be viewed here.