Data protection for law firms Wednesday 13 July 12pm

Presentation transcript:


Freedom of Information Act 2000; Data Protection Act 1998; Privacy and Electronic Communications Regulations 2003; Environmental Information Regulations 2004

What is “personal data”? “…data which relate to a living individual who can be identified – from those data, or from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller”

Registration: Legal requirement when processing electronically. Costs £35 per year. Virtually all law firms will need to register. ico.org.uk/for-organisations/register

Risks in the legal sector

Legal sector data security breaches by type in 2015/16

In 2015/16, 4% of all data security incidents reported to the ICO related to solicitors and barristers. That’s 75 out of 1895. This was a slight decrease of 4% on the previous year. The two main data security issues affecting the legal profession are: loss and theft of paperwork (27% of incidents in 2015/16) and data being posted or faxed to the incorrect recipient (17% of incidents in 2015/16).

4% of all data security incidents (75 out of 1897). An upward trend throughout the financial year.

Incidents by data type

The information held by legal professionals is often very sensitive; therefore the damage caused by data security incidents is often substantial and could meet the threshold for issuing a financial penalty. The main data protection issues affecting the legal profession are:
Loss and theft of paperwork (27% of incidents in 2015/16)
Data being posted or faxed to the incorrect recipient (17% of incidents in 2015/16)
Loss and theft of unencrypted devices (13% of incidents in 2015/16)
Data being sent by email to the incorrect recipients (13% of incidents in 2015/16)

These issues are reflective of the fact that information handled by legal professionals is often held in paper files rather than secured by encryption. Legal professionals will often carry around large quantities of information in folders or files when taking them to or from court, and may store them at home. This can increase the risk of a data breach.

There are not many examples of law firms themselves receiving CMPs, but these two examples involve internal legal teams, so the same kind of issues apply.

Steps you can take: Encrypt electronic devices. Adequate physical security. Data minimisation. Clear policies and procedures. Appropriate training. Effective access control.

Data Protection self assessment toolkit: Use our toolkit to assess your compliance with the Data Protection Act and find out what you need to do. ico.org.uk/for-organisations/improve-your-practices/data-protection-self-assessment-toolkit

Questions about various aspects of compliance

Produce a traffic light report at the end highlighting the risks

Data Protection self assessment toolkit: Quote from a lawyer. ico.org.uk/for-organisations/improve-your-practices/data-protection-self-assessment-toolkit

Advisory Visits

ICO guidance

Keep in touch. Helpline: 0303 123 1113. Subscribe to our e-newsletter at www.ico.org.uk or find us on… @ICOnews