Unencrypted laptop of QC who advises Scottish Government stolen
Ruth Crawford's laptop was not reported stolen for more than two years.
An unencrypted laptop was stolen from the home of a QC who provides legal advice to the Scottish Government.
Ruth Crawford also allowed plumbers to walk around unsupervised while the laptop containing mental and physical health information about individuals involved in live court cases was in the house.
The Edinburgh-based advocate was the second standing junior counsel to ministers before becoming a QC in 2008.
Since taking silk, she has continued to advise ministers on public and administrative law.
The laptop was stolen in summer 2009 but the theft was not reported for more than two years.
Ms Crawford could have been fined for breaching the Data Protection Act if the theft had occurred seven months later when the Information Commissioner was given new powers to impose fines of up to £500,000.
She has now signed an undertaking to encrypt all her portable devices and keep them under lock and key.
The undertaking states: "The theft occurred while the data controller (Ms Crawford) was on holiday, having left plumbers to fit a new boiler at her home. The data controller provided the plumbers with keys and the code to her alarm.
"She highlighted the importance of keeping her front door locked and of activating the alarm when leaving the house.
"Upon returning from holiday on September 3 2009, the data controller discovered that the laptop and a purse were missing from her study. She subsequently reported the matter to the police.
"The commissioner has noted that physical security measures were in place at the time of the incident but that there was insufficient technical security employed on the laptop to protect the data."
The Information Commissioner was only informed of the theft on August 30 this year, when the last case relating to information held on the laptop was concluded.
The laptop contained personal data about individuals involved in eight court cases on which the advocate had been working.
This included details about the physical and mental health of individuals in two of the cases.
However, the commissioner concluded that most of the information compromised would already have been released as evidence in court papers.
Ken Macdonald, Assistant Commissioner for Scotland, said: "The legal profession holds some of the most sensitive information available. It is therefore vital that adequate security measures are in place to keep information secure.
"As this incident took place before April 6 2010 the ICO is unable to serve a financial penalty in this instance. But this case should act as a warning to other legal professionals that their failure to protect personal information is not just about potentially being served with a penalty of up to £500,000 - it could affect their careers too.
"If confidential information is made public, it could also jeopardise the important work they do in court.
"The ICO would also like to assure the legal profession that any information reported to this office will not be disclosed unless there is specific legal authority for us to do so.
"Therefore all breaches should be reported to our office as soon as practically possible."