Whitehall’s largest legal department, the Treasury Solicitor’s Department (TSol) is to improve its data protection practices after an independent investigation found it had breached the Data Protection Act four times between 2011 and 2012.
The investigation by the UK’s independent data privacy authority, the Information Commissioner’s Office (ICO), found that TSol failed to comply with the act after it released the personal information of individuals to third parties on four separate occasions between August 2011 and November 2012.
The ICO found that in three of the cases, papers relating to various pieces of litigation were sent out to the claimants’ solicitors, while still containing the personal information of third parties that should have been redacted. In the fourth case, a bundle of case papers relating to an unfair dismissal case were sent to a complainant, but contained the personal data of an individual pursuing a separate claim.
As a result, the ICO has today (26 February) required TSol to improve its processes when redacting documents.
Under the new requirements, TSol must provide a ‘clear documented procedure for staff to follow when preparing information for disclosure’ and a checking process for sensitive and personal data relating to third parties. They must also ensure that communication between junior and senior lawyers is structured and that a mandatory and comprehensive training programme for all new and existing staff is provided. These measures are required to be implemented within six months.
ICO head of enforcement Stephen Eckersley said: ‘Data security is only as good as the weakest link in the chain. In this case, the Treasury Solicitor’s Department provided guidance to staff on how to prepare documents for disclosure, but there were clear gaps in the information provided and it wasn’t understood by their staff. This led to a series of data breaches over a 16-month period that could easily have been avoided.
‘The nature of the work carried out by the Treasury Solicitor’s Department means they should have recognised they were failing in their legal duty to keep people’s information secure. However, delays in addressing these issues allowed further breaches to occur, which has resulted in today’s agreement between our office and the department to improve its practices.’
A spokesperson for TSol said: ‘This is the first time that TSol has been issued with an undertaking. We have reviewed our practices and put in place additional processes to ensure we avoid this type of breach in the future. We take this type of breach very seriously, and reported it to the Information Commissioner ourselves.
‘We acted quickly to retrieve the material as soon as the incidents were brought to our attention We are confident that all material has been recovered and no further dissemination of the material will take place.’
Separately, the chief executive and permanent secretary of TSol Paul Jenkins QC announced he will be retiring at the end of February, and will be replaced by incoming treasury solicitor and HM procurator general, Jonathan Jones.
Jones, who is currently the legal adviser to the Home Office and Northern Ireland Office, was chosen following an open competition. The appointment was approved by the prime minister, following consultation with the deputy prime minister and the attorney general.
The attorney general Dominic Grieve QC MP said: ‘The post is a crucial one, especially as more and more of the legal advisory functions of the government are coming under the umbrella of the Treasury Solicitor’s Department. His predecessor will be a hard act to follow, but I know that Jonathan has the right combination of vision and professional skills to rise to the challenge.’