ICO probed 173 law firms last year over data breach fears

Some 173 law firms were investigated by the Information Commissioner’s Office (ICO) for alleged breaches of the Data Protection Act last year, according to figures obtained by Egress Software Technologies.

A freedom of information request from the firm revealed that in 187 incidents almost a third concerned data security whilst a quarter was linked to incorrect "disclosure of data".

Tony Pepper, chief executive at Egress, said: "The warning signs regarding data security within the legal sector have been clear for people to see for some time now.

"What today’s revelation demonstrates is the scale of issue and the number of firms guilty of not providing adequate data security measures in order to protect the highly sensitive client information they manage and share.

Under the mandate of the ICO the type of data held by law firms, which can include highly sensitive personal information on relationships, health and private life, is seen as particularly worthy of protection.

Many of the fines issued by the ICO in the past have hit councils and health trusts inadvertently leaking such information, and the office has just been handed new powers to audit the data security of the NHS.

"For whatever reason, there seems to have been a major disconnect between the priority placed on protecting this data and the consequences of a breach," Egress added.

"Organisations in the other market sectors we work with have managed to successfully implement clearly defined Data Protection Act policies and technology solutions to protect this information, whilst the majority of law firms have failed to act."

A spokesman from the ICO said: "Last year we issued a warning to law firms highlighting the need to keep the sensitive personal information they handle secure. A serious data breach not only carries the threat of a fine of up to £500,000 but can also have a considerable impact on a legal professional’s career and their firm’s reputation.

"The sensitive nature of the information the average barrister or solicitor will handle means that they will need to take particular care to keep this information secure, for example by making sure laptops and other devices containing sensitive details are securely encrypted."