Skip navigation
Skip navigation
You are using an outdated browser. Please upgrade your browser.

A Scottish lawyer was reported to the Information Commissioner's Office (ICO) in August this year for the loss of sensitive data on a laptop computer that was stolen while they were on holiday. The loss actually took place in 2009 but it took until August 2011 for the final case, of which there were eight, to be closed.

The lawyer in question, had taken some security measures, but encrypting the data on the laptop or associated devices was not among them. Apparently the information included very sensitive personal information, including information relating to the physical and mental health of persons involved in cases.

Martin Finch, Managing Director of commissum, the information security consultancy with headquarters in Edinburgh, Scotland said “from a direct financial impact perspective, the lawyer was fortunate that the breach took place prior to 6 April 2010; this meant that the ICO was unable to levy a financial penalty. However the indirect impact on reputation can be far more damaging longer term; especially for a member of the legal profession where trust is a fundamental feature of the client relationship.”

The ICO ruling yesterday was that in fact the information in this case had not been appropriately protected despite some measures having been taken. The measures critically did not include encrypting the data. Financial penalties may very well have been levied if this had occurred after 6 April 2010.

Martin Finch said “The potential for a £500,000 fine is certainly a factor that has focused the attention of more organisations, but the potential impact from reputation damage is still underestimated; and of course for the legal sector there is also the consideration of the potential impact on the outcome of cases and the impact on the clients depending on the data disclosed.”

There are a number of basic security precautions that can be taken to protect such data, encryption being one of them. Without encryption in place, it is relatively easy for a knowledgeable person to retrieve data from a laptop even if thought to be protected with a standard operating system log-on password on power up. Encrypting data on such devices that are required when traveling should always be one of the basic precautions taken.

About commissum

With 20 years of experience, commissum is adept at offering practical information security advice and recommending cost-effective solutions, to deliver a joined-up, coherent approach to protecting an organisation's information assets.


Quay House
142 Commercial Street
United Kingdom
tel: 0845 108 2066

This press release was distributed by ResponseSource Press Release Wire on behalf of Query Click Ltd in the following categories: Business & Finance, Computing & Telecoms, for more information visit