Information Commissioner sounds alarm over lawyers’ handling of personal data


Graham: number of breaches is troubling

The Information Commissioner’s Office (ICO) has issued a warning to solicitors and barristers over the need to keep personal information secure, especially paper files, in the wake of “a number of data breaches” in recent months.

The ICO said that in the last three months, it has received reports of 15 incidents involving members of the legal profession.

Its warning said: “The information handled by barristers and solicitors is often very sensitive. This means that the damage caused by a data breach could meet the statutory threshold for issuing a financial penalty.

“Legal professionals will also often carry around large quantities of information in folders or files when taking them to or from court, and may store them at home. This can increase the risk of a data breach.”

The ICO can serve a monetary penalty of up to £500,000 for a serious breach of the Data Protection Act, provided the incident had the potential to cause substantial damage or substantial distress to affected individuals.

In most cases these penalties are issued to companies or public authorities, but barristers and solicitors are generally classed as data controllers in their own right and are therefore legally responsible for the personal information they process.

Information Commissioner Christopher Graham said: “The number of breaches reported by barristers and solicitors may not seem that high, but given the sensitive information they handle, and the fact that it is often held in paper files rather than secured by any sort of encryption, that number is troubling.

“It is important that we sound the alarm at an early stage to make sure this problem is addressed before a barrister or solicitor is left counting the financial and reputational damage of a serious data breach.”

The ICO has published tips to help lawyers look after the personal information they handle, including:

  • Keep paper records secure. Do not leave files in your car overnight and do lock information away when it is not in use;
  • Consider data minimisation techniques in order to ensure that you are only carrying information that is essential to the task in hand;
  • Where possible, store personal information on an encrypted memory stick or portable device. If the information is properly encrypted, it will be virtually impossible to access it, even if the device is lost or stolen;
  • When sending personal information by e-mail, consider whether the information needs to be encrypted or password protected. Avoid the pitfalls of auto-complete by double checking to make sure the e-mail address you are sending the information to is correct;
  • Only keep information for as long as is necessary. You must delete or dispose of information securely if you no longer need it; and
  • If you are disposing of an old computer, or other device, make sure all of the information held on the device is permanently deleted before disposal.

The ICO said it is currently working with the Bar Council to update the information security guidance provided to barristers.
