Guernsey law firm fined £10,000 for data security breach

A Guernsey-based law firm has been fined £10,000 after sharing "highly confidential and sensitive" information.

Trinity Chambers LLP sent private details about an individual and their family via emails and post, the Data Protection Authority (ODPA) found.

It said a lack of security had given "unconnected" third parties access to the data.

The firm has been approached for comment.

The breach of data by Trinity was the result of "repeated human error", an investigation found.

The Bailiwick's Data Protection Commissioner Emma Martins said the ODPA had been "disappointed" by the firm's response.

She said: "There is little evidence that the controller in this case engaged in a timely manner with the complaint or appreciated the impact of the breach on the individuals concerned.

"This is especially relevant considering the role that trust and confidentiality plays in the legal sector."

She added that the fine aimed to reflect "the serious nature and impact of failing to look after personal data", and its potentially "significant" impact in a small island community.

Trinity Chambers have not appealed the decision, according to the ODPA.

The money, if paid, will be sent to the States of Guernsey's general revenue account.