Scottish Lawyer Reported to ICO for Loss of Sensitive Data – Comment from commissum

In response to revelations that a Scottish lawyer was reported to the Information Commissioner's Office (ICO) in August this year for the loss of sensitive data on a laptop computer that was stolen, Martin Finch, Managing Director of commissum, the information security consultancy with headquarters in Edinburgh, Scotland, said: “From a direct financial impact perspective, the lawyer was fortunate that the breach took place prior to 6 April 2010; this meant that the ICO was unable to levy a financial penalty. However the indirect impact on reputation can be far more damaging longer term; especially for a member of the legal profession where trust is a fundamental feature of the client relationship.”

The ICO ruling yesterday was that in fact the information in this case had not been appropriately protected despite some measures having been taken. The measures critically did not include encrypting the data. Financial penalties may very well have been levied if this had occurred after 6 April 2010. 

Martin Finch said “The potential for a £500,000 fine is certainly a factor that has focused the attention of more organisations, but the potential impact from reputation damage is still underestimated; and of course for the legal sector there is also the consideration of the potential impact on the outcome of cases and the impact on the clients depending on the data disclosed.”

There are a number of basic security precautions that can be taken to protect such data, encryption being one of them. Without encryption in place, it is relatively easy for a knowledgeable person to retrieve data from a laptop even if thought to be protected with a standard operating system logon password on power up. Encrypting data on such devices that are required when travelling should always be one of the basic precautions taken.

About commissum

With 20 years of experience, commissum is adept at offering practical information security advice and recommending cost-effective solutions, to deliver a joined-up, coherent approach to protecting an organisation's information assets.

Contact:

Quay House
142 Commercial Street
Leith
Edinburgh
EH6 6LB
United Kingdom

tel: 0845 108 2066

web: www.commissum.com/en

Contact: Darren Paterson
Phone: 0131 556 7078
Email: darren@queryclick.com
Website: http://uk.queryclick.com/