Forum Home  →  Discussion  →  Decision making and appeals  →  Thread

HMCTS & GDPR

 

Peter Turville
forum member

Welfare Rights Worker, Oxford Community Work Agency

Send message

Total Posts: 1268

Joined: 18 June 2010

we routinely sent submissions and supporting evidence to HMCTS by email. Under GDPR we are of the opinion that this needs to be done by secure email as submissions/evidence often contains both personal and sensative information.

However HMCTS do not appear to be able to accept secure emails. They have advised that this issue has been raised and is awaiting a response from their ‘digital change’ team but in the meantime .......

What experience have other had submitting evidence by secure email?

The alternative is to revert to snailmail which (a) costs (b) requires a phone call to confirm it has been received (unlike email where an automated acknowledgement is received).

Given that HMCTS is moving towards digital hearings one might have thought they would have had their act together on this didgital issue in advance of GDPR?

     
tbidmead
forum member

WRAMAS, Bristol City Council

Send message

Total Posts: 279

Joined: 7 January 2013

Out of interest what do you mean by secure email?

Personally, I’m not sure there is a data protection problem sending documents to HMCTS via email. Under GDPR clients must be aware of what we are doing with their data and they need to agree to this & be able to opt out; but this can be achieved via a privacy notice and a consent form.

     
ClairemHodgson
forum member

Solicitor, SC Law, Harrow

Send message

Total Posts: 889

Joined: 13 April 2016

tbidmead - 08 August 2018 03:02 PM

Out of interest what do you mean by secure email?

.

something like egress https://www.egress.com/

this enables all emails to be encrypted, and also enables encryption of any attachments (and even enables creation of an encrypted CD)

however, to receive such email and be able to have it in outlook and print it, the recipient has to have egress as well

the medical defence societies (and their solicitors) have been using it for ages

there are other variations on the same theme

 

     
Peter Turville
forum member

Welfare Rights Worker, Oxford Community Work Agency

Send message

Total Posts: 1268

Joined: 18 June 2010

It is egress that we are using!

     
ClairemHodgson
forum member

Solicitor, SC Law, Harrow

Send message

Total Posts: 889

Joined: 13 April 2016

Peter Turville - 08 August 2018 04:34 PM

It is egress that we are using!

:-)

i’ll believe the courts & tribunals getting that when they get it.

     
Helen Rogers
forum member

Welfare Rights Officer, Stockport MBC

Send message

Total Posts: 85

Joined: 17 June 2010

I email The Tribunals Service at Liverpool using a secure email address and they seem to receive them.  Although they have changed over to a new email address and this doesn’t send you an automated reply.  At the moment I’m emailing the new and old addresses to make sure I get the automated reply.

     
BC Welfare Rights
forum member

The Brunswick Centre, Kirklees & Calderdale

Send message

Total Posts: 952

Joined: 22 July 2013

Same here emailing Leeds. They have changed the gsi to @justice and receive my emails from cjsm mail but no longer send auto acknowledgement receipts
Edit
When I have remembered to ask them to acknowledge receipt someone has done though

      [ Edited: 9 Aug 2018 at 04:17 pm by BC Welfare Rights ]
Martin Williams
forum member

Welfare Rights Advisor, CPAG, London

Send message

Total Posts: 583

Joined: 16 June 2010

Peter Turville - 08 August 2018 02:28 PM

we routinely sent submissions and supporting evidence to HMCTS by email. Under GDPR we are of the opinion that this needs to be done by secure email as submissions/evidence often contains both personal and sensative information.

Can’t you get claimants to sign an authorisation saying they don’t mind their data being sent by non encrypted email?

I think something like this would work (shamelessly stolen and adapted from wording HMRC Litigation Team ask you to sign up to when conducting pre-action correspondnece for JR):

“We take the security of personal information very seriously and email over the internet is inherently insecure. Among the more significant risks are:

·      an unencrypted message can be read by anybody who has access to the networks and servers between the sender and the receiver;
·      there is no proof that the sender or the content of the message are genuine;
·      emails may easily be misdirected, diverted, copied or forwarded;
·      there are no guaranteed delivery times. Indeed, email sent over the Internet may never arrive and neither the sender nor the recipient would know.

However, in many instances sending information via email is the quickest method of delivery.

Declaration

My client and I fully understand and accept the security risks of conducting correspondence by unencrypted email over the open internet. 
My client and I recognise that these risks include, but are not limited to, those shown above.
My client and I hereby authorise the intended recipient of any emails to send correspondence intended for me by email.”

     
Jon (CHDCA)
forum member

Welfare Benefits, Craven CAB, N Yorks

Send message

Total Posts: 1190

Joined: 16 June 2010

This can quickly get way too technical for me, but as I understand it, sometimes what UK gov calls “secure email” is just email sent from their own domains, and from servers that have been configured to their own standards. That doesn’t necessarily mean that the email and all attachments are encrypted by the sender, so that it can only be decrypted by the intended recipient who must install software at their end, which is what some agencies do.

Attached doc has an overview of some of this.

     

File Attachments