A total of 173 law firms were investigated for potential data protection breaches last year, a Freedom of Information (FOI) request has revealed.
The Information Commissioner's Office (ICO) investigated some 187 Data Protection Act incidents at law firms, of which 29% related to security and 26% related to incorrect disclosure of data. The FOI request was made by encryption specialist Egress Software Technologies.
Information Commissioner Christopher Graham issued a warning last August that a barrister or solicitor could be “left counting the financial and reputational damage of a serious data breach”, after a series of data breach incidents. The Law Society has also raised concerns about the use of cloud computing services in law firms, issuing a practice note last year that this could break the Data Protection Act.
Last year, the 2014 Law Firm File Sharing Survey by LexisNexis revealed that 77% of firms rely on a confidentiality statement to secure communication and nearly half admitted to using free cloud-based file sharing services such as Dropbox to transmit privileged information.
Tony Pepper, CEO at Egress, says: “The warning signs regarding data security within the legal sector have been clear for people to see for some time now.
“What [this FOI] revelation demonstrates is the scale of issue and the number of firms guilty of not providing adequate data security measures in order to protect the highly sensitive client information they manage and share. Organisations in the other market sectors we work with have managed to successfully implement clearly defined DPA policies and technology solutions to protect this information, whilst the majority of law firms have failed to act.”
Tom Morrison, partner at Rollits, says: “While the survey was conducted by an organisation which has an obvious and understandable interest in promoting the use of technology to enhance security, the fact remains that the response to the FOI request does seem to indicate that there is a level of concern when it comes to the protection of personal and other information by lawyers.
“As with any industry, there will be those who do a better job than others in safeguarding information, but it surely must be right that there is a high expectation of all solicitors and barristers given the sensitivity of the information they routinely hold. The ICO has in the past voiced concerns about the data security amongst lawyers and this latest research points to a continuing need for all lawyers to make sure that their systems and processes are appropriate to ensure that clients’ information is kept secure.
“Part of what makes our society tick is that people are meant to be able to place absolute trust in their legal representatives; that trust must extend to the protection of their information.”
