View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

ICO probed 173 law firms last year over data breach fears

Figures highlight lax data security despite public warnings.

By Jimmy Nicholls

Some 173 law firms were investigated by the Information Commissioner’s Office (ICO) for alleged breaches of the Data Protection Act last year, according to figures obtained by Egress Software Technologies.

A freedom of information request from the firm revealed that in 187 incidents almost a third concerned data security whilst a quarter was linked to incorrect "disclosure of data".

Tony Pepper, chief executive at Egress, said: "The warning signs regarding data security within the legal sector have been clear for people to see for some time now.

"What today’s revelation demonstrates is the scale of issue and the number of firms guilty of not providing adequate data security measures in order to protect the highly sensitive client information they manage and share.

Under the mandate of the ICO the type of data held by law firms, which can include highly sensitive personal information on relationships, health and private life, is seen as particularly worthy of protection.

Many of the fines issued by the ICO in the past have hit councils and health trusts inadvertently leaking such information, and the office has just been handed new powers to audit the data security of the NHS.

"For whatever reason, there seems to have been a major disconnect between the priority placed on protecting this data and the consequences of a breach," Egress added.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

"Organisations in the other market sectors we work with have managed to successfully implement clearly defined Data Protection Act policies and technology solutions to protect this information, whilst the majority of law firms have failed to act."

A spokesman from the ICO said: "Last year we issued a warning to law firms highlighting the need to keep the sensitive personal information they handle secure. A serious data breach not only carries the threat of a fine of up to £500,000 but can also have a considerable impact on a legal professional’s career and their firm’s reputation.

"The sensitive nature of the information the average barrister or solicitor will handle means that they will need to take particular care to keep this information secure, for example by making sure laptops and other devices containing sensitive details are securely encrypted."

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.