Barrister fined by ICO as unencrypted client data is uploaded on to the internet
A senior barrister has been fined £1,000.00 by the Information Commissioner’s Office (‘ICO’) after unencrypted client data was accidentally uploaded to the internet by her husband.
A total of 725 documents, containing information belonging to up to 250 people, were temporarily uploaded to an internet directory when the barrister’s husband was updating software on the couple’s home computer. The barrister (who remains unnamed) had created the documents at home on her desktop computer, for work purposes. Whilst the desktop computer was password protected, the files were unencrypted. The error occurred whilst the barrister’s husband was attempting to back up the files, assuming that the directory was secure. However, according to the ICO, those documents were in fact "visible to an internet search engine" and some documents could be "easily accessed using a recognisable word, such as a name". Six of the uploaded documents contained highly sensitive and confidential information relating to clients involved in proceedings at the Court of Protection.
The barrister’s husband immediately removed the files from the online directory when notified of his error and the internet service provider removed the cached information from the internet the following day.
The Head of Enforcement at the ICO, Steven Eckersley stated that “this barrister, for no good reason, overlooked her responsibility to protect her clients’ confidential and highly sensitive information. It is hard to imagine the distress this could have caused to the people involved – even if the worst never happened, this barrister exposed her clients to unnecessary worry and upset.”
Following an investigation, the barrister was found to be in contravention of the Data Protection Act 1998 (‘DPA’) and was served a monetary penalty under section 55A of the DPA.
The Bar Council recommends that barristers encrypt all client data and emphasises that barristers have a duty to “protect the confidentiality of each client's affairs, except for such disclosures as are required or permitted by law or to which your client gives informed consent”.
Articles are intended as an introduction to the topic and do not constitute legal advice.