Donal Mc Guire- Waterford Technologies
A news release issued on the 5 August 2014 by the Information Commissioner makes for essential reading for every solicitor and barrister in all parts of the United Kingdom.
It warns all lawyers to ensure that they keep personal information secure, emphasising the need to be fully compliant with the provisions of the Data Protection Act 1998. The Commissioner is concerned that there have been 15 reported incidents involving members of the legal profession in the last three months. There are approximately 174,000 qualified solicitors and barristers in England and Wales; 3,200 in Northern Ireland and 11,200 in Scotland. 15 reported incidents might not be regarded as being particularly worrying or worthy of concern at first blush. The incidents represent less than 0.008% of the legal profession in the United Kingdom. But as the news release emphasises the information handled by lawyers is often very sensitive. Accordingly the damage caused by any breach is likely to meet the statutory threshold for issuing a financial penalty – a contravention of a kind likely to cause substantial damage or substantial distress. Serious breaches of the act can lead to the service of a monetary penalty notice of up to £500,000. There has been an increase in the number of such notices served in the last twelve months and many are for tens of thousands of pounds. For example on 26th August it was announced that a monetary penalty notice had been served on the Ministry of Justice for £180,000 over serious failings in the way prisons in England and Wales have been handling people’s information. There has been a significant increase in the number of firms of solicitors establishing departments that specialise in compensation claims for breaches of the Data Protection Act.
The press release sets out a number of tips to help barristers and solicitors keep the personal information they handle secure. They are as follows:
- Keep paper records secure. Do not leave files in your car overnight and do lock information away when it is not in use.
- Consider data minimisation techniques in order to ensure that you are only carrying information that is essential to the task in hand.
- Where possible, store personal information on an encrypted memory stick or portable device. If the information is properly encrypted it will be virtually impossible to access it, even if the device is lost or stolen.
- When sending personal information by email consider whether the information needs to be encrypted or password protected. Avoid the pitfalls of auto-complete by double checking to make sure the email address you are sending the information to is correct.
- Only keep information for as long as is necessary. You must delete or dispose of information securely if you no longer need it.
- If you are disposing of an old computer, or other device, make sure all of the information held on the device is permanently deleted before disposal.
Following these tips and applying the guidance contained therein are necessary steps to be taken by all lawyers to ensure compliance with the act and safeguard against being named and shamed by the Information Commissioner. An effective Email Archiving system and an email usage policy that is properly enforced and monitored will go a long way to assist with compliance with the Act. Although, if one can be fined up to £500,000 naming and shaming might be the least of one’s worries.