ICO Puts Legal Profession In The Dock Over Data Breaches

The Information Commissioner’s Office (ICO) has expressed concerns at the number of data breaches involving barristers and solicitors, after 15 incidents involving members of the legal profession were reported in the past three months.

It has reminded the industry that it has to keep personal information secure as it is often very sensitive, which means the scope for damage from a data breach “could meet the statutory threshold for issuing a financial penalty.” This could mean a penalty of up to £500,000 for a serious breach of the Data Protection Act.

Troubling Breaches

The ICO is especially concerned because the legal profession still tends to be mostly paper based, and legal professionals also often carry around large quantities of information in folders or files when taking them to or from court, or storing them at home – increasing the risk of a data breach.

“The number of breaches reported by barristers and solicitors may not seem that high, but given the sensitive information they handle, and the fact that it is often held in paper files rather than secured by any sort of encryption, that number is troubling,” said the Information Commissioner, Christopher Graham.

“It is important that we sound the alarm at an early stage to make sure this problem is addressed before a barrister or solicitor is left counting the financial and reputational damage of a serious data breach,” said Graham.

He said that the ICO has published a number of tips to help barristers and solicitors look after the personal information they handle. This includes advice on how to keep paper documents secure and not leave them in a car overnight, but instead lock the information away when not in use.

The ICO also advised lawyers to consider data minimisation techniques in order to ensure they are only carrying the information they require. It also advised them to store personal information on an encrypted memory stick.

ICO Breach

When emailing personal information, lawyers should also consider whether the information needs to be encrypted or password protected. The ICO also said information should be deleted or disposed of securely when it is no longer needed.

Last month, the ICO faced criticism when it admitted its own staff had breached data privacy regulations in the past 12 months. The “non-trivial incident” was apparently hidden inside the 84-page annual report, which is the same document in which information commissioner Christopher Graham asked for more powers and more funding for the UK’s privacy watchdog.


Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
