This website uses cookies

This website uses cookies to ensure you get the best experience. By using our website, you agree to our Privacy Policy

Sign Up for our Free Newsletter
Solictors Journal logoSolictors Journal logo
Jean-Yves Gilg

Editor, Solicitors Journal

Data breaches by solicitors and barristers increase by a third

News
Share:
Data breaches by solicitors and barristers increase by a third

By

Sensitive information held by law firms means any breach could warrant intervention by ICO, says lead policy officer

Solicitors and barristers were the subject of 4.5 per cent of all data breaches reported to the Information Commissioner's Office over the last year, an increase of 32 per cent.

Of the breaches reported, 29 per cent were for loss and theft of effective paperwork in 2014/15.

Some 22 per cent of complaints were for data that was posted or faxed to the wrong recipient. Of breaches by data type, basic personal identifiers, health and clinical data, and criminal records came out highest.

Speaking at the Ark Group's 9th regulatory compliance for law firms event, Richard Syers, the ICO's lead policy officer, said one of the biggest issues for firms was that any breach of sensitive information would likely to be substantial and could result in the commissioner's office taking action.

To reduce the risk of data breaches, Syers urged partners and delegates in attendance to encrypt portable electronic devices; minimise data such as redacting the names of individuals on sensitive documents; use clear policies and procedures; provide adequate staff training; and ensure effective access control for users such as restricting access rights to data.

On the future of data protection, Syers said lawyers should not panic about the introduction of the new European Data Protection Regulation, which will replace the current Data Protection Directive 95/46/EC.

The directive was created to regulate the progression of personal data within the EU, while the new regulation is intended to harmonise the data protection laws in place across member states. It will be directly applicable to all EU member states without a need for national legislation.

Syers warned that the new law will be more prescriptive with less room for organisations to comply with stricter regulations. However, he also told delegates not to expect complete change.

'Be aware of it, but don't panic,' he said. 'The best way to be ready for any changes is to be compliant with the current Data Protection Act.'

Matthew Rogers is an editorial assistant at Solicitors Journal matthew.rogers@solicitorsjournal.co.uk | @sportslawmatt