The Information Commissioner’s Office (ICO) has found the Scottish Court Service in breach of the Data Protection Act for failing to prevent court documents containing personal data being accidentally disposed of at a local recycling bank in Glasgow.
The ICO was made aware of the breach when a Scottish newspaper published details of the discovery of files containing appeal documents on 25 September 2010.
Subsequent checks by the ICO revealed that the papers had been lost by the editor of a series of law reports, and that the court service had failed to check how the information would be kept secure.
The court service has tightened its procedures on the handling of sensitive information by its staff and other people involved in the court process, the ICO said.
The editor of the law reports has also agreed to improve the way court documents that include sensitive personal details are handled.
Ken Macdonald, assistant commissioner for Scotland at the ICO, said people involved in court cases should be able to feel confident that their personal and sensitive information is going to be kept secure and not taken outside of the court room.
“Had any of the papers in this case fallen into the wrong hands, the privacy of the individuals concerned might have been threatened”, he said
Eleanor Emberson, chief executive of the Scottish Court Service, has signed a formal undertaking to ensure that all staff are aware of the court service’s policy for the storage, use and disclosure or sharing of personal data.
All staff will be trained and all parties involved in the sharing of data must sign up to a memorandum of understanding with the service.
This story was first published by Computer Weekly