Judge used personal email to send out details of sensitive case
Complaint lodged with Judicial Conduct Investigations Office
Concerns have been raised over a British judge's use of his personal email address to send out a ruling in a family court case, which contained sensitive personal information.
The Register has seen evidence that the judge in question used two personal accounts to send out a draft ruling and final ruling: one using a domain owned by his son and another email account associated with iCloud.
We have not named the individual in order to prevent him becoming the target of social engineering.
A complaint has been raised with the UK's Judicial Conduct Investigations Office regarding the security practises, and Blighty's data protection watchdog: the Information Commissioner's Office.
The use of personal email seems highly unusual - with all government departments subject to the mandatory guidance for securing government email.
Certainly, HM Courts & Tribunals Service (HCTS) appears to be aware of the security considerations.
For example, one automated receipt in response to an email to the HCTS, seen by The Register, states: "Internet e-mail is not a secure medium. Any reply to this message could be intercepted and read by someone else. Please bear that in mind when deciding whether to send material in response to this message by e-mail."
One legal expert, who asked not to be named, told The Register that standards are rigorously applied across the Ministry of Justice, which relies on its staff not to compromise security by deviating from standards.
He added: "With regards to judges' use of email, I have, in a very discreet way, taken soundings of actual practice in this regard. It is certainly the case that direct communication with a judge is not common, as it usually takes place via another party within the MoJ when it does occur.
"I was unable to find any example of a judge using anything other than the organisation's prescribed email system, which, of course, has the relevant security standards."
He added the judge's behaviour raised a number of issues such as a possible breach of mandatory standards, and "may pose a risk to the organisation he works for and those he interacts with outside the organisation".
A spokesman for the judiciary said: “We cannot comment on this specific case. Judges can access detailed guidance on the use of IT on the judicial intranet.”
The Register asked if the judiciary had been issued guidance on the use of personal email addresses for handing out rulings and whether this something that is considered good practice. But the spokesman told us he had nothing further to add.
The ICO did not comment. ®
Sponsored: Becoming a Pragmatic Security Leader