ICO Issues Warning To Law Firms After Breaches

Aug 11, 2014

The Information Commissioner’s Office (ICO) has issued a warning to legal firms that personal information, including paper files, must be kept secure.

The cautioning towards barristers and solicitors comes as the ICO has been informed of a number of data breaches related to the law profession.

Over the last three months, the organisation claims that it has received complaints for 15 incidents involving members of the legal industry.

The ICO notes that it is able to serve a penalty of up to £500,000 when there is evidence that the Data Protection Act has been broken.

It says that although such monetary penalties are often reserved for companies or public authorities, barristers and solicitors can be classed as data controllers in their own right, making them legally responsible for personal information they handle.

Because such data is often very sensitive, the ICO says, breaches can often meet the statutory threshold for issuing a fine.

The organisation also claims that because those in the profession often carry large quantities of information in folders and files to and from court, the risk of data breach is increased.

Small Number of Breaches Outweighed By Information Significance

“The number of breaches reported by barristers and solicitors may not seem that high, but given the sensitive information they handle and the fact it is often held in paper files rather than secured by any sort of encryption, that number is troubling,” claimed Information Commissioner Christopher Graham.

“It is important that we sound the alarm at an early stage to make sure the problem is addressed before a barrister or solicitor is left counting the financial and reputational damage of a serious data breach,” he added.

Following its warning, the ICO has issued some guidelines for legal firms wishing to increase security and minimise data breach risk.

These include keeping paper documents secure by locking information away when not in use and not leaving it in places such as a car overnight.

Besides this, it is recommended barristers and solicitors only carry information essential to the tasks in hand and where possible, information must be stored on an encrypted portable device.

The ICO also recommends only keeping information for as long as necessary and making sure all data is permanently deleted before disposing of electronic devices.

The organisation and The Bar Council are currently working together to ensure that Information Security Guidance provided to legal professionals in England and Wales is updated.

© 24N.biz 

Business / data breach / Information Commissioner's Office / legal profession / security
Comments
No comments yet.

Comment

 

Understanding the risks and rewards of public sector cloud 

Download the Whitepaper now

Partner

Partners

24Newswire
Sign up to receive latest news

Twitter Feed

Why does pubsec ICT PR firm @MantisPR want to be at the upcoming #eventcentreUK THINK Digital Vendors 2016 event? https://t.co/3tE5o7aMmO
@24nbiz
Apr 01, 2016
@thinkdigicon supporter @Adv365 sets out its stall for tomorrow's landmark #gcloud event https://t.co/FQraJP2yyg
@24nbiz
Mar 21, 2016
@thinkdigicon supporter @Adv365 explains why it's supporting tomorrow's show https://t.co/2Wj3UECo9s
@24nbiz
Mar 21, 2016
@24n.biz: what's the final agenda for tomorrow's @thinkdigicon #gcloud @GOVUKdigimkt show? https://t.co/6CASi8lrnU
@24nbiz
Mar 21, 2016