Data breach warning for government lawyers
Lawyers working for the government have been told to improve their handling of sensitive data after a number of breaches came to light.
Un-redacted personal data was wrongly disclosed on three occasions, and information about an unfair dismissal claim was sent to the wrong person.
The Treasury Solicitor's Department said it took breaches "very seriously".
It has agreed an undertaking with the Information Commissioner to strengthen its data protection procedures.
The four breaches were all reported to the data protection watchdog by the department itself - which is part of the Attorney General's Office.
Three of the incidents happened in 2012, the other in 2013.
In three cases, files sent to a claimant and their solicitor during the course of litigation contained un-redacted personal data and resulted in information being wrongly disclosed to third parties.
In the fourth, papers sent to an individual claiming unfair dismissal contained details relating to a totally separate case.
The Information Commissioner said some of the information that was "compromised" related to alleged offences by the individuals concerned and therefore was regarded as sensitive under the terms of data protection laws.
Rather than issuing an enforcement notice, the watchdog has agreed a series of undertakings that require the government department to address "identifiable gaps" in its data handling processes within six months.
It will be obliged to:
- follow a clear and documented process for preparing information for disclosure
- introduce a defined checking process before release of material
- improve lines of communication between senior and junior staff
- create a mandatory staff training programme about data compliance
The department, which provides advice and other legal services across government, said it had taken swift action once it had become aware of the breaches.
"We have reviewed our practices and put in place additional processes to ensure we avoid this type of breach in the future," a spokesman said.
"We take this type of breach very seriously, and reported it to the Information Commissioner ourselves.
"We acted quickly to retrieve the material as soon as the incidents were brought to our attention.
"We are confident that all material has been recovered and no further dissemination of the material will take place."