View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

ICO probed 173 law firms last year over data breach fears

Figures highlight lax data security despite public warnings.

By

Some 173 law firms were investigated by the Information Commissioner’s Office (ICO) for alleged breaches of the Data Protection Act last year, according to figures obtained by Egress Software Technologies.

A freedom of information request from the firm revealed that in 187 incidents almost a third concerned data security whilst a quarter was linked to incorrect "disclosure of data".

Tony Pepper, chief executive at Egress, said: "The warning signs regarding data security within the legal sector have been clear for people to see for some time now.

"What today’s revelation demonstrates is the scale of issue and the number of firms guilty of not providing adequate data security measures in order to protect the highly sensitive client information they manage and share.

Under the mandate of the ICO the type of data held by law firms, which can include highly sensitive personal information on relationships, health and private life, is seen as particularly worthy of protection.

Many of the fines issued by the ICO in the past have hit councils and health trusts inadvertently leaking such information, and the office has just been handed new powers to audit the data security of the NHS.

"For whatever reason, there seems to have been a major disconnect between the priority placed on protecting this data and the consequences of a breach," Egress added.

Content from our partners
The growing cybersecurity threats facing retailers
Cloud-based solutions will be key to rebuilding supply chains after global stress and disruption
How to integrate security into IT operations

"Organisations in the other market sectors we work with have managed to successfully implement clearly defined Data Protection Act policies and technology solutions to protect this information, whilst the majority of law firms have failed to act."

A spokesman from the ICO said: "Last year we issued a warning to law firms highlighting the need to keep the sensitive personal information they handle secure. A serious data breach not only carries the threat of a fine of up to £500,000 but can also have a considerable impact on a legal professional’s career and their firm’s reputation.

"The sensitive nature of the information the average barrister or solicitor will handle means that they will need to take particular care to keep this information secure, for example by making sure laptops and other devices containing sensitive details are securely encrypted."

Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy
SUBSCRIBED
THANK YOU