QC guilty of data protection breach over loss of laptop’s court data

Edinburgh-based silk Ruth Crawford was heavily criticised by the UK’s Information Commissioner’s for her “failure to protect personal information” after a laptop containing information about individuals involved in eight court cases was stolen from her home while she was on holiday.

Ms Crawford, who spent six years as the second standing junior counsel to ministers before becoming a QC in 2008, allowed plumbers to walk around unsupervised while the laptop containing mental and physical health information was in the house.

The Information Commissioner also revealed that the laptop was stolen in summer 2009, but that the QC waited for more than two years before reporting the theft, when the last case linked to evidence held on the computer was over.

Ms Crawford, who since taking silk has continued to advise ministers on public and administrative law, was forced to sign an Information Commissioner’s undertaking, with the threat of possible legal action if the QC repeats the offence.

A spokesman for the Information Commissioner’s Office (ICO) told The Scotsman that Ms Crawford was the first QC in the UK to face sanctions over a breach of data protection.

The QC, based at the Axiom Advocates chamber in Edinburgh, could have been fined for breaching the Data Protection Act if the theft had occurred seven months later when the Information Commissioner was handed new powers to impose fines of up to £500,000.

However, Scottish Tory justice spokesman David McLetchie, a lawyer by profession, said he would be very surprised” if the Scottish Government opted to use Ms Crawford’s legal services again.

He said: “There has been a cavalier disregard here for information of a confidential nature and it’s difficult to understand why Ms Crawford did not report the theft in order to protect individuals likely to be affected.

“Frankly I’d be very surprised if she was entrusted with information of a confidential nature again by ministers and senior civil servants in the Scottish Government or other public agencies, given her poor record in this instance.”

Scottish Labour’s Shadow Community Safety Minister James Kelly called for action to ensure that “this kind of breach is prevented from happening again.”

He said: “Incidents like this undermine public confidence. “This an alarming breach of security for such a high ranking official.”

A strongly worded statement from, Ken Macdonald, assistant information commissioner for Scotland, said that the said the decision should “act as a warning to other lawyers that their careers could be damaged if they are careless with information held about clients.

He said: “As this incident took place before the 6 April 2010 the ICO is unable to serve a financial penalty in this instance.

“But this case should act as a warning to other legal professionals that their failure to protect personal information is not just about potentially being served with a penalty of up to £500,000 – it could affect their careers too. If confidential information is made public, it could also jeopardise the important work they do in court.”

The undertaking signed by Ms Crawford and an Information Commissioner’s enforcement official said: “The theft occurred while the data controller (Ms Crawford) was on holiday, having left plumbers to fit a new boiler at her home.”

Ms Crawford said she contacted police after the theft and had not sought to conceal what had happened.