Accessibility Links

ICO: Lawyers must guard against data breaches

Posted by: Laurence Simons 06/11/13

The Information Commissioner's Office (ICO) has warned that in-house lawyers are among the most vulnerable workers to data breaches, as well as pointing out that concerns over high-tech hacking may be misplaced.

While the idea of evil geniuses remotely accessing computers in a bid to take over the world is an appealing one, the reality of information security is more mundane: human mistakes tend to lead to the most problems.

Catherine Bamford, a senior ICO solicitor, told the Lawyer magazine figures for the past quarter show the office handled only seven cases of private information erroneously uploaded to websites.

Instead of cyber issues, the majority of problems emerge from old-fashioned cases of stolen laptops and other portable devices containing unencrypted information, with paper documents and even fax machines also involved.

It is clear that general counsel need to do more to ensure staff keep their data secure at all times, especially given some of the specific issues involved in the legal profession.

Because courts still rely on paper-based information in a lot of cases, the increasingly anachronistic method of fax remains in use.

"We've had cases where both barristers and solicitors have sent to courts faxes containing highly sensitive information. The document then either sits in a tray without the lawyer confirming it has been collected or the lawyer presses the wrong button and sends information to a completely random fax machine," warned Ms Bamford.

Simply by entering one digit incorrectly, lawyers can end up sending sensitive data to somewhere it was not intended to go.

Until the courts change their arcane procedures the use of this technology will remain necessary, meaning vigilance is called for.

Lawyers should also be wary of taking paper out of the office when dealing with a heavy workload or hoping to escape the striplights and do some reading in a nice cafe.

Ms Bamford argued that only carrying the information they need (rather than allowing papers to knock around in their bag for months) can reduce the risk of a breach occurring.