ICO sounds the alarm on data breaches within the legal profession
5 August 2014
The Information Commissioner’s
Office (ICO) is warning barristers and solicitors to keep personal
information secure, especially paper files. This follows a number of
data breaches reported to the ICO involving the legal profession.
The ICO can serve a monetary
penalty of up to £500,000 for a serious breach of the Data Protection
Act provided the incident had the potential to cause substantial damage
or substantial distress to affected individuals. In most cases these
penalties are issued to companies or public authorities, but barristers
and solicitors are generally classed as data controllers in their own
right and are therefore legally responsible for the personal
information they process.
In the last three months, 15
incidents involving members of the legal profession have been reported
to the ICO. The information handled by barristers and solicitors is
often very sensitive. This means that the damage caused by a data
breach could meet the statutory threshold for issuing a financial
penalty. Legal professionals will also often carry
around large quantities of information in folders or files when taking
them to or from court, and may store them at home. This can increase
the risk of a data breach.
Christopher Graham said:
“The number of breaches
reported by barristers and solicitors may not seem that high, but given
the sensitive information they handle, and the fact that it is often
held in paper files rather than secured by any sort of encryption, that
number is troubling. It is important that we sound the alarm at an
early stage to make sure this problem is addressed before a barrister
or solicitor is left counting the financial and reputational damage of
a serious data breach.
“We have published some top
tips to help barristers and solicitors look after the personal
information they handle. These measures will set them on the road to
compliance and help them get the basics right.”
The ICO has published the
following top tips to help barristers and solicitors keep the personal
information they handle secure.
- Keep paper records secure. Do
not leave files in your car overnight and do lock information away when
it is not in use.
- Consider data minimisation
techniques in order to ensure that you are only carrying information
that is essential to the task in hand.
- Where possible, store personal
information on an encrypted memory stick or portable device. If the
information is properly encrypted it will be virtually impossible to
access it, even if the device is lost or stolen.
- When sending personal
information by email consider whether the information needs to be
encrypted or password protected. Avoid the pitfalls of auto-complete by
double checking to make sure the email address you are sending the
information to is correct.
- Only keep information for as
long as is necessary. You must delete or dispose of information
securely if you no longer need it.
- If you are disposing of an old
computer, or other device, make sure all of the information held on the
device is permanently deleted before disposal.
The ICO is currently working
with The Bar Council to update the Information Security Guidance
provided to Barristers in England and Wales.
The ICO website includes further
guidance on the
security measures that should be in place when
handling personal information. The ICO has also published a
blog explaining the
importance of encryption and the options available to barristers and
solicitors who need to encrypt their
- The Information Commissioner’s
Office upholds information rights in the public interest, promoting
openness by public bodies and data privacy for individuals.
- The ICO has specific
responsibilities set out in the Data Protection Act 1998, the Freedom
of Information Act 2000, Environmental Information Regulations 2004 and
Privacy and Electronic Communications Regulations 2003.
- Anyone who
processes personal information must comply with eight principles of the
Data Protection Act, which make sure that personal information is:
- Fairly and lawfully
- Processed for
- Adequate, relevant
and not excessive
- Accurate and up to
- Not kept for longer
than is necessary
- Processed in line
with your rights
- Not transferred to other
countries without adequate protection
About the Author
The Information Commissioner’s Office is the UK’s
independent authority set up to uphold information rights in the public
interest, promoting openness by public bodies and data privacy for
individuals. We do this by promoting good practice, ruling on
complaints, providing information to individuals and organisations and
taking appropriate action when the law is broken.
The ICO enforces and oversees the following
- Data Protection Act 1998
- Freedom of Information Act 2000
- Privacy and Electronic Communications
- Environmental Information Regulations
Article Published/Sorted/Amended on Scopulus 2014-08-05 11:16:50 in Business Articles