New figures have revealed that the Information Commissioner’s Office (ICO) investigated 173 UK law firms for potential data breaches last year.
A total of 187 incidents were recorded, with 29% related to security and 26% related to incorrect disclosure of data.
Protecting confidential client information is one of the most essential requirements of any legal business, and firms must ensure confidentiality to comply with Principle 10 and Outcome 4.1 of the Solicitors Regulation Authority (SRA) handbook (attached). The SRA regulates solicitors and law firms in England and Wales, and provides a set of principles that law firms must abide by.
In a world where client information is no longer stored in filing cabinets under lock and key, but instead on mobile devices such as tablets, laptops and USB flash drives, and in the cloud, it is much more difficult for law firms to control, manage and protect client information.
It is only a matter of time before a high-profile law firm is breached and fined, resulting in clients looking elsewhere.
Timothy Hill, technology policy adviser at the Law Society, said firms needed to start taking cyber threats seriously. Failure to do so, he said, could not only result in direct financial loss but also reputational damage.
Many law firms are now implementing an ISO 27001-compliant information security management system to manage their sensitive information better, while also proving to their clients that they take information security seriously. In fact, four of the top UK law firms have achieved certification to the Standard, including DLA Piper, Clifford Chance, Linklaters and Allen & Overy.
If you’re a law firm looking to improve data protection compliance or security, contact JMS Secure Data for a FREE Data Protection Health Check to identify any DPA non-compliance risks in your business.
Speak to One of our Team Now: Call us on 020 3397 9026 (Opt 1)