IT | Security

Legal Professionals Can Be Held Accountable for Data Breaches

By: Absolute Editorial Team | 9/5/2014

Last week we shared with you the thoughts of lawyers Eric Sinrod and Jonathan Armstrong in their Tech Law 10 podcast on the Legal Risks of BYOD. According to the Information Commissioner’s Office (ICO) in the UK, there have been 15 incidents involving members of the legal profession in the last 3 months alone, so this information could not be more timely.

The ICO warns that it can serve a monetary penalty of up to £500,000 for a serious breach of the Data Protection Act provided the incident had the potential to cause substantial damage or substantial distress to affected individuals. While most penalties are issued against companies or public authorities, barristers and solicitors are also at risk as “data controllers” in their own right.

Given the highly sensitive information handled by barristers and solicitors, members of the legal profession have a responsibility to ensure all is done to prevent data breaches. Particular attention, notes the ICO, should be given to paper files, which are often carried around to and from court or may be stored at home.

The ICO published these tips to help barristers and solicitors be more compliant with sensitive information:

  • Keep paper records secure. Don’t leave files in cars. Lock information away when not in use.
  • Consider data minimisation techniques to carry the least amount of data possible
  • Store personal information on an encrypted memory stick or portable device instead of paper, where possible
  • Use secure email practices, using encryption or password protection options
  • Only keep information for as long as is necessary. Securely dispose of unneeded information (paper / devices)
  • Ensure end-of-life device disposal is secure 

For end-of-life IT assets, it’s important to properly dispose of items versus simply placing them in storage or throwing them out. Devices left in storage are often unattended and are at risk for theft or loss. Learn more about the disposal of IT assets here.

For legal professionals, we also recommend using software that can persistently track and secure devices, allowing for remote data delete of sensitive information if theft or loss occurs. Learn more about how Absolute Computrace can help your legal organization remain compliant here.