ICO issues warning to law firms following string of data breaches

ICO issues warning following 15 security breaches at law firms in the past three months

A string of data breaches within the legal profession has led to the Information Commissioner's Office (ICO) issuing a public warning to solicitors and barristers, stating more needs to be done to ensure client information is kept safe.

The warning comes shortly after the ICO encouraged organisations running big data initiatives to be cautious, reminding them that the projects must run within the bounds of data protection laws.

According to the ICO, 15 incidents of data breaches within the legal profession have been reported in the past three months. It represents a worrying statistic, given that the nature of legal work means barristers and solicitors handle sensitive information, which if leaked or misplaced, could put people and cases at risk.

A serious breach of the Data Protection Act could result in a fine of up to £500,000, but on this occasion, Information Commissioner Christopher Graham has opted to "sound the alarm" for legal professionals about the potential consequences of lost data.

"The number of breaches reported by barristers and solicitors may not seem that high, but given the sensitive information they handle, and the fact that it is often held in paper files rather than secured by any sort of encryption, that number is troubling," he said.

"It is important that we sound the alarm at an early stage to make sure this problem is addressed before a barrister or solicitor is left counting the financial and reputational damage of a serious data breach," Graham added.

The ICO has published what it calls "top tips to help barristers and solicitors look after the personal information they handle". This advice includes the recommendation that personal data should be stored on an encrypted memory stick or portable device, password protecting emails containing sensitive data and permanently deleting all information from a hard drive if a computer is being disposed of.

Commenting on the ICO's advice, Richard Anstey, CTO EMEA for collaboration tools provider Intralinks, suggested that cloud storage represents another option available to legal professionals for keeping sensitive information secure.

"In 2014 cloud services represent one of the best ways to store, share and control sensitive information, and offer options to automatically expire content after a set time period to clean up a trail of content after its useful lifetime," he said.

"Likewise, instead of ensuring email is encrypted or password protected, solicitors should not use email at all. Instead, they should employ a secure cloud service that can maintain protection and track access to the file - and also allow you to withdraw privilege after download," Anstey continued, adding that cloud storage doesn't mean "loss of control" over documents.

"On the contrary, with the growth of technologies like information rights management, it is far safer to share documents digitally nowadays. And in addition to added security, it brings other benefits in terms of speed and international sharing and collaboration.

"With technology advances in the cloud, barristers and solicitors can now share but more importantly ‘unshare' documents, destroying access to them at the flick of a switch. Those firms still resisting the move to the digital world should see this advice as a further incentive to do so," Anstey added.