The UK Information Commissioner’s Office has issued a warning to barristers and solicitors about the risks of data breaches – see Information Commissioner ‘sounds the alarm’ on data breaches within the legal profession.
It is tempting to think of this subject as involving deeply technical IT security protection and, indeed, this aspect is something which should concern lawyers, not least because IT increasingly concerns their clients.
In practice, the events which attract attention arise at a more mundane level. Oxfordshire County Council is in trouble after confidential papers were found blowing down the street. The Treasury Solicitor was recently named and shamed for releasing disclosure documents which included personal information which should have been redacted. Most weeks bring an appalled tweet from someone who has overheard lawyers giving away their clients’ secrets on trains and in bars, or spreading out their papers for all to see.
It is not just that lawyers are usually to be regarded as data controllers and therefore subject to penalties of up to £500,000. Whatever else clients expect from their lawyers it is that they will keep their secrets, and it does one’s reputation no good even if no loss actually results from the careless release of client information.
The subject has made it to the non-legal press, with an article in the Telegraph called Lawyers must step up data protection measures after series of breaches, says watchdog. That means that the clients may well start asking their lawyers about their security arrangements. It would be good to have your answer ready.