Information Commissioner sounds alarm over data breaches
The Information Commissioner has warned barristers and solicitors over data security following a number of breaches involving the legal profession.
In the last three months, 15 incidents involving solicitors and barristers have been reported to the Information Commissioner’s Office (ICO).
The ICO warned that legal professionals often carry large quantities of information around with them in folders and files, and may store these at home.
Penalties of up to £500,000 can be served for serious breaches of the Data Protection Action 1998, where the incident could potentially have caused substantial damage or substantial distress to those affected. Barristers and solicitors are generally classed as data controllers and therefore legally responsible for the personal information they process.
Christopher Graham, Information Commissioner, says: “It is important that we sound the alarm at an early stage to make sure this problem is addressed before a barrister or solicitor is left counting the financial and reputational damage of a serious data breach.”
Tom Morrison, IP and commercial partner at Rollits, says: “Anyone can make a mistake, but when a solicitor or barrister makes a mistake with client information it is not just his or her own business which may suffer damage but the client, and depending on the information lost, the client’s customers.
“The key thing is to take the right steps to try to mitigate risk and this is what the ICO is pushing at. Being a good lawyer does not mean taking no risk at all, and it does not mean eliminating every single risk regardless of impact.
“Being a good lawyer does, however, mean making sensible adjustments to the way we work to reduce the risks and then being aware of the residue risk so that it can be properly managed.”