QC guilty of ‘cavalier’ behaviour over loss of laptop’s court data

A LEADING Scottish advocate has become the first QC in the UK to be found guilty of a “cavalier” and “alarming” breach of data protection, after an unencrypted laptop containing sensitive information about live court cases was stolen from her home.

Edinburgh-based silk Ruth Crawford was heavily criticised by the UK’s Information Commissioner for her “failure to protect personal information” after the computer with data about individuals involved in eight court cases was taken while she was on holiday.

The QC, who spent six years employed as a key legal adviser to Alex Salmond’s government as the second standing junior counsel before becoming a QC in 2008, allowed plumbers to walk around unsupervised while the laptop containing mental and physical health information was in the house.

Sign up to our daily newsletter

The i newsletter cut through the noise

The Information Commissioner also revealed that the laptop was stolen in summer 2009, but the QC deliberately waited for more than two years before reporting the theft, when the last case linked to evidence held on the computer was over.

Ms Crawford, who since taking silk has continued to advise ministers on public and administrative law, was forced to sign an Information Commissioner’s undertaking, with the threat of possible legal action if she repeats the offence.

A spokesman for the Information Commissioner’s Office (ICO) said Ms Crawford was the first QC in the UK to face sanctions over a breach of data protection.

The QC, based at the Axiom Advocates chamber in Edinburgh, could have been fined for breaching the Data Protection Act if the theft had occurred seven months later, when the Information Commissioner was handed new powers to impose fines of up to £500,000.

A strongly worded statement from Ken Macdonald, the ICO’s assistant commissioner for Scotland, said the decision should “act as a warning to other lawyers that their careers could be damaged if they are careless with information held about clients”.

He added: “As this incident took place before 6 April 2010, the ICO is unable to serve a financial penalty in this instance.

“But this case should act as a warning to other legal professionals that their failure to protect personal information is not just about potentially being served with a penalty of up to £500,000 – it could affect their careers too.

“If confidential information is made public, it could also jeopardise the important work they do in court.”

The undertaking signed by Ms Crawford and an ICO enforcement official said: “The theft occurred while the data controller [Ms Crawford] was on holiday, having left plumbers to fit a new boiler at her home.”

Ms Crawford declined to comment on the action taken by the Information Commissioner.