back to article Barrister fined after idiot husband slings unencrypted client data onto the internet

A barrister has been fined by the UK Information Commissioner's Office after client information was accidentally uploaded to the internet. According to the monetary penalty notice [PDF] issued against the senior lawyer, who is unnamed, she was only stung for £1,000. The note was published today. We're told information …

WTF?

£1,000 fine

she has only been fined £1,000 by the ICO

.....and what do these people earn per hour??

19
1
Silver badge

Re: £1,000 fine

£1,000, I think that's about a 15 minute phone call with their junior assistant.

6
0
Silver badge

Re: £1,000 fine

.....and what do these people earn per hour??

Earn, or charge? The hourly charge to you isn't either average or take home pay, as our contracting and zero hours IT bretheren can attest. I'd expect your hourly charge to never be much less than £100 an hour and upwards from that towards £1,000 an hour. But out of that barristers have to pay their supporting clerks, admin, premises costs and the like.

A junior barrister in a provincial city could be earning less than £40k a year before their deductions, and even senior barristers can struggle to push through £100k a year, although it depends greatly on what they are specialised in. On the other hand, those doing top end commercial litigation out of a top flight London office ("Chambers") can exceed £1m a year gross.

9
4
DJV

Re: £1,000 fine

"senior barristers can struggle to push through £100k a year"

My heart bleeds...

10
3

Re: £1,000 fine

A junior barrister in a provincial city could be earning less than £40k a year before their deductions, and even senior barristers can struggle to push through £100k a year

Could you remind me the value of median and average incomes in UK please?

3
1
Anonymous Coward

Re: £1,000 fine

What's the median income of people in the UK with two degrees and an 80-hour working week?

3
0

Re: £1,000 fine

What's the median income of people in the UK with two degrees and an 80-hour working week?

Well, in the US, my niece teaching special needs students needed three degrees for her job, works the same hours during the school year (and about half that for summer terms) and would LOVE to make 40% of that.....

0
0
Silver badge

Re: £1,000 fine

"even senior barristers can struggle to push through £100k a year"

Back in the '70s & '80s the senior criminal barristers in NI were reputed to be making £250k a year. I'm not sure of the evidence for this, however.

0
1
Silver badge

Why store them on a shared computer in the first place?

I don't see why she would store those files on a shared machine in the first place, was she not issued a laptop from her organization? Or if they are completely independent, do they not have the money to buy a cheap laptop? And how would they support their client if they needed one of those files while at the court house, do they just drag the family computer around with them?

I have no sympathy for idiots like this. People trusted their most sensitive information to this person (not even the government would have access to the data being held). £4 per person affected isn't enough, a pound of flesh per client affected would probably be a better punishment...

23
2
Bronze badge

Re: Why store them on a shared computer in the first place?

If the computer was only shared with her other half then it's only shared in the most technical sense. It's not like she was storing them on a PC at a webcafé. If the computer was up to date with security patches & AV then that could certainly count as having reasonable protections in place. The file could even have been password protected on the drive.

Now I hate to be the voice of reason when we could be laughing at lawyers but given that details in the story are scarce on how the information was stored, I think you may be going a bit far.

17
9
Silver badge

Re: Why store them on a shared computer in the first place?

And I'm assuming that in your frenzied Daily Mail appetite to see her villified, publicly humiliated, and no doubt leaving her (hard earned) career and reputation in tatters; that a public hanging, drawing and quartering and burning at the stake would be a better punishment?

Thought so. But thankfully most of us are a little more forgiving and civilised.

It seems to me that lots and lots of people are still learning about this sort of stuff. From huge global corporates, to what we have here - which whilst in no way lightens to idiocy, but that after consideration and review maybe represents the ACTUAL end damage done.

14
19

Re: Why store them on a shared computer in the first place?

I'm sure "shared in the most technical sense" would be fine by you if a GP's spouse uploaded a copy of your STI test to dropdrive and allowed it to be picked up by the googlebot

13
0

This post has been deleted by its author

Silver badge

Re: Why store them on a shared computer in the first place?

"Barristers are usually self-employed." And that is why the next sentence exists, a laptop or computer specifically for this purpose wouldn't break the bank, and is cheaper than even an hour of their time. Heck, a 5+ year old used laptop would work just fine for managing legal documents.

"Your use of spelling and words suggests you're American"

Actually I'm Icelandic. But I was educated and lived in the US for my formative years. Yes, things are a bit different than in the 'Kingdom, here in Iceland we hold our public servants / professionals accountable for violating our trust in them.

18
2
Silver badge
FAIL

@ArrZarr

"The file could even have been password protected on the drive.

Now I hate to be the voice of reason when we could be laughing at lawyers but given that details in the story are scarce on how the information was stored, I think you may be going a bit far."

Which part of: "visible to an internet search engine and some of the documents could be easily accessed through a simple search" did you chose to ignore from the article?

10
1
Silver badge

Re: Why store them on a shared computer in the first place?

>"Barristers are usually self-employed." And that is why the next sentence exists, a laptop or computer specifically for this purpose wouldn't break the bank

I don't see anything in the article that suggests this wasn't already the case

> The incident occurred when her husband backed them up using an online file directory service while he was updating software on the couple's home computer.

It's equally possible this was her "dedicated" laptop, but she passed it to her husband to install some updates.

She'd still have misplaced her trust, but that'd be slightly different. Either way she should have used encryption.

The point being, you've got scant details available on what actually happened, so put out your torch and put the pitchfork back in the shed.

9
3
Silver badge

Re: Why store them on a shared computer in the first place?

>Now I hate to be the voice of reason when we could be laughing at lawyers

It may not have even been shared. Maybe hubby was asked to do the IT maintenance and organise backups etc.

It highlights the problem that people still think they "have the internet on my computer" and that what is on my local screen is on my local hardware. It isn't your personal computer any more.

More importantly, what kind of backup system immediately shoves the content at a search engine?

More interesting than the barrister's name would be the backup system's name.

4
0
TRT
Silver badge

Re: More interesting than the barrister's name would be the backup system's name.

Definitely. This sound a very dodgy bit of gear.

4
0
Silver badge
Coat

Re: Why store them on a shared computer in the first place?

@Crazy Operations Guy - a pound of flesh? You are going to be in REAL trouble if you try collecting.

- Mine's the one with the playscript in the pocket.

3
0
Silver badge

Re: Why store them on a shared computer in the first place?

"It may not have even been shared. Maybe hubby was asked to do the IT maintenance and organise backups etc."

And asking a rather incompetent bloke to do maintenance on her laptop would have been no big deal for a wife - as a barrister though she's kinda expected to seek properly competent maintenance if needed. And I'm not even going to ask whether she ever considered what happens if said laptop ever gets lost / stolen.

2
0
TRT
Silver badge

Re: Why store them on a shared computer in the first place?

Whole device encryption means bugger all if you are copying the decrypted data out to another location.

2
0
Bronze badge

Re: @ArrZarr

The part where adequate protections may have been in place on the computer itself but stripped during the upload by somebody the barrister trusted.

I was umming and aahing about adding that bit about the password protection but it's not inconceivable that it could have been protected and lost that protection.

@David Neil On the note of whether I would be happy if it were my data? Of course I wouldn't be happy but I certainly wouldn't be going as far as demanding pounds of flesh from said barrister which was the post I was calling out as going a bit far.

2
0
Silver badge

Re: Why store them on a shared computer in the first place?

"Maybe hubby was asked to do the IT maintenance and organise backups etc."

I don't know how client confidentiality works in the legal profession or in the UK. But in my world of classified information, my wife has no more privileges than does the family of Russian spies living down the street.

1
0
Silver badge

Re: Why store them on a shared computer in the first place?

"I don't see why she would store those files on a shared machine in the first place, was she not issued a laptop from her organization? Or if they are completely independent, do they not have the money to buy a cheap laptop?"

Hmmm. Let's look at it differently. Let's think what might happen if she'd used only a laptop and had files of >700 people on it. Let's say that laptop was reported stolen. My guess is that we'd then have a Crazy Operations Guy saying "Why did she have them all on the laptop? Couldn't she have used a separate computer to keep the files on and just kept the ones she needed at the time on the laptop?".

0
0
Silver badge

Re: Why store them on a shared computer in the first place?

"More interesting than the barrister's name would be the backup system's name."

Definitely.

0
0
Silver badge

Online backup?

Whether or not it was a shared computer, the bit that worries me is the 'cloud' backup that included features to allow files to be publicly read.

Call me a Luddite but local backup to an encrypted USB drive or stick which is then kept in the garden shed is a) faster b) not readily accessible by GCHQ/NSA (or, in this case, Google and the public) and c) a hell of a lot safer. Problem is the punters aren't experts and are seduced by the cloudy salesmen.

26
1
Silver badge

Re: Online backup?

Your idea of ShedDrive intrigues me. Please expand further. Can it be used by my Greenhouse VM?

11
0

Re: Online backup?

The ShedDrive would need to be padlocked when not in use, obviously.

2
0
Silver badge
Coat

Re: Online backup?

Your idea of ShedDrive intrigues me.

Would it use Shed or Attached Storage?

2
0

Re: Online backup?

Online backups are stored on the Cloud, which is another word for someone else's computer. Unless you encrypt data before uploading it to cloud storage, you run a risk of having it stolen.

Local encryption, is easy and can be done before uploading to the cloud is available through a wide variety of apps. VeraCrypt http://veracrypt.org works with DropBox, while SyncDocs https://syncdocs.com encrypts Google Drive.

I wonder how they caught her? Did some client's names appear in a Google search?

4
0

Re: Online backup?

And Cryptomator works with any cloud storage provider.

0
0
TRT
Silver badge

Re: Online backup?

Do I need to replicate in next door's shed?

1
0

Re: Online backup?

> Do I need to replicate in next door's shed?

You could get arrested for that...

2
0
TRT
Silver badge

Re: Online backup?

I laid a fat pipe in between the two sheds.

0
0
Silver badge

Re: Online backup?

In the case of data like this UnShed storage would be better. Got to keep it separate from everything else.

0
0
Silver badge

Re: Online backup?

"I wonder how they caught her? Did some client's names appear in a Google search?"

Reading the linked PDF that appears to have been the case.

1
0
Silver badge

Re: Online backup?

"I wonder how they caught her? Did some client's names appear in a Google search?"

Reading the linked PDF that appears to have been the case.

Plus her name appeared as the author of some of the documents...

1
0
Facepalm

Top Tips For Barristers...

"when her husband backed them up using an online file directory service while he was updating software on the couple's home computer"

Top Tip... Buy yourself a laptop. Don't let anyone else use it. You could even consider using encryption...just a passing thought.

10
3
Silver badge

Re: Top Tips For Barristers...

Top Tip... Buy yourself a laptop. Don't let anyone else use it. You could even consider using encryption...just a passing thought.

And FFS don't lose it.

The original article mentioned that information about something like 250 people was involved; I have no idea what a barrister's caseload is like but that seems like an awful lot. From this it follows that some of the information was no longer "current" and should have been archived somewhere else and deleted from the PC (or any other personal device).

I also find myself wondering if barristers - being largely if not wholly self - employed - are also required to be Data Controllers as defined in the DPA. Is the data "theirs" or does it belong to the chanbers in which they work? Do the various chambers have an appointed Data Controller who is supposed to have overall charge of the information processed through the the chambers concerned?

Having skim - read the referenced guidance note for barristers I have to say that I found it a bit wooly; too many "shoulds" and not enough "musts". That said the document goes to some trouble to say that its standing is not entirely to be relied upon, so to speak.

To me this incident highlights the fact that material handled by barristers (and almost certainly solicitors as well) is not being as closely controlled as it really ought to be; there are too many opportunities for confidential material to slip through the net because nobody really knows whose net it is.

5
0
Silver badge

Indeed

This is the exact issue I have with all the "automation" that is being offered willy-nilly.

You have a job dealing with people's personal data. You cannot allow yourself to treat the paltform you're working on as something on which you can just go and install any FaceBook, SnapChat, DropBox or whatever other shiny-shiny you feel like.

With a barrister's revenue, one would think that it would be possible to have one laptop for working and another one for dicking around on Instagram or whatever.

In any case, this fine is a necessary wake-up call to everyone dealing with personal data on their laptops : do things right and, if you're not sure, ask an IT pro what is right. Yes, it will cost money. What you need to ask yourself is how much more would it cost to your reputation to not do things right.

16
0
Silver badge

Re: Top Tips For Barristers...

The original article mentioned that information about something like 250 people was involved; I have no idea what a barrister's caseload is like but that seems like an awful lot.

Not neccessarily they could be complaintants against an organisation or someone for their actions.

3
0

Re: Indeed

@ Pascal Monett

I used to do a lot of IT work for lawyers. It always amazed me that lawyers that charge clients $300-$500 per hour, were cheap SOB's when it comes to paying for IT support. The only clients I ever got stiffed by were lawyers. Good luck collecting from them!

They have the attitude that their time is worth X, and no one else's time it worth anything.

14
1
Silver badge

Re: Indeed

They have the attitude that their time is worth X, and no one else's time it worth anything.

Shakespeare got it right over 400 years ago: The first thing we do, let's kill all the lawyers

( Henry VI, Part 2, Act IV, Scene 2.)

4
0
Silver badge

Re: Top Tips For Barristers...

"To me this incident highlights the fact that material handled by barristers (and almost certainly solicitors as well) is not being as closely controlled as it really ought to be"

This area is a prime candidate for a proper training course which would cover the risks and present workable solutions.

A nice little business idea for one of you.

1
0
Silver badge

@ usbac

I hear you.

In 20 years consulting in Luxembourg, I've done a few lawyer establishments in my time. As fancy as the marble floor at the entrance may be, I've always been surprised at how the IT guy would never have a spare PC for me to work on in his office under the roof that you can only get to through rickety stairs that haven't seen a carpenter since 1946.

And of course, he would have to stay right next to me (standing because no additional chair) while I worked on his PC to solve whatever problem it was I had come for.

I was always glad to leave those places. Suits and ties do not mean everything.

1
0
Bronze badge

Re: Top Tips For Barristers...

Top tip topper. Don't put all of your sensitive data on a laptop and carry it around with you. Transfer working files encrypted on a thumb drive kept in a pocket (not a purse or bag). Laptops loaded with sensitive data seem to go missing all of the time.

A further lesson is Cloud = Public. Even knowing that barristers struggle with maths, that one should be easy enough. Now where did I put those naughty pictures of Jennifer Lawrence?

0
0
Bronze badge

Re: Top Tips For Barristers...

Just a day after I make a post about laptops going missing with sensitive data on them, a US Secret Service agent has a laptop stolen from her car, in her driveway containing, presumably, unencrypted details about presidential security at Trump Tower and evacuation protocols and information regarding the investigation of Hillary Clinton's private email server. Whoops!

Any bets that it might have been done on purpose so some leaked information can be attributed to the theft?

0
0
Silver badge

Re: Top Tips For Barristers...

"I also find myself wondering if barristers - being largely if not wholly self - employed - are also required to be Data Controllers as defined in the DPA."

Read the ICO's PDF linked from TFA.

0
0
Silver badge
Stop

Gavel picture in article.

https://fullfact.org/law/no-gavels-please-were-british/

http://inappropriategavels.tumblr.com/

"judges have never, at any time, used gavels in England".

4
0
Silver badge
Coat

Re: Gavel picture in article.

I accept that that is true, but it is also very likely that the English population has been just as brainwashed (if not more) with all the American police shows as the rest of the world, so the gavel remains a pertinent image.

3
0

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2017