Stolen laptop leaks client info
A stolen, unprotected work laptop has put at risk the confidential details of more than 80 legal aid clients.
The laptop was taken in a September burglary of the home of a recently resigned legal aid lawyer, Ministry of Justice chief operating officer Carl Crafar said.
The laptop contained the confidential details of at least 83 of the lawyer’s former clients and was not password protected.
The lawyer, who specialised in family law, resigned before the burglary.
But her laptop, taken from her North Auckland home, contained a range of her former clients’ information, including some cases supported by family legal aid. The burglary is being investigated by the police, and the Privacy Commissioner and the Law Society has been advised.
Legal aid providers are independent lawyers who carry out criminal, family, and civil legal work for clients who cannot afford a lawyer.
They are approved by the Secretary for Justice, who is also the chief executive of the Ministry of Justice. But decisions on who should receive legal aid are made by an independent statutory officer, the Legal Services Commissioner.
About 1800 approved lawyers provide legal aid services working for firms or for themselves as a firm in their own right. In the 2017 to 2018 financial year, the ministry spent $160 million on legal aid, an increase of $16m on the year before.
Crafar said the ministry was assisting a former legal aid lawyer to contact her clients about the theft of her laptop and the possible loss of private information.
Eighty-three letters had been sent to former legal aid clients this week, either by email or courier, advising them of the theft and potential loss of their personal information.
Letters were also being sent to a number of counsel representing other parties in proceedings subject to legal aid.
Crafar said the ministry was concerned about the minimal IT security precautions the lawyer had in place to protect her clients’ information.
National’s justice spokesman Mark Mitchell said the breach was ‘‘unacceptable’’.
The fact the laptop was not password protected was ‘‘incredible’’ and, with minors involved, it was particularly serious.
‘‘If you’ve got lawyers that have got legal aid contracts tied back to the Ministry of Justice then actually there should be some rules around how that very sensitive information is treated.
‘‘If it’s stored on a private laptop then it would be incumbent on that person to ensure that if the laptop is stolen or somehow gets taken that information is fully encrypted and protected.’’
As a result of this incident, the ministry has published information reminding legal aid providers of their obligations to ensure they keep client information safe. It would also be reviewing ICT security standards as a part of yearly audits of legal aid providers.
The Law Society would not comment specifically on the case but referred to the legal obligations of lawyers under current legislation, which included ‘‘a duty to protect and to hold in strict confidence all information concerning a client, the retainer, and the client’s business and affairs acquired in the course of the professional relationship’’.
A spokesman for Privacy Commissioner office confirmed it had been notified of the breach. ‘‘If any individual feels this breach has harmed them, they can make a complaint to our office.’’