Presentation is loading. Please wait.

Presentation is loading. Please wait.

Data protection for law firms Wednesday 13 July 12pm

Published byStewart Carter Modified over 6 years ago

Similar presentations

Presentation on theme: "Data protection for law firms Wednesday 13 July 12pm"— Presentation transcript:

1

2 Data protection for law firms Wednesday 13 July 12pm

3 Freedom of Information Act 2000
Data Protection Act 1998 Privacy and Electronic Communications Regulations 2003 Freedom of Information Act 2000 Environmental Information Regulations 2004

4 What is “personal data”?
“…data which relate to a living individual who can be identified – from those data, or from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller”

5

6 ico.org.uk/for-organisations/register
Legal requirement when processing electronically Costs £35 per year Virtually all law firms will need to register Registration ico.org.uk/for-organisations/register

7 Risks in the legal sector
! Risks in the legal sector

8 Legal sector data security breaches by type in 2015/16
In 2015/16, 4% of all data security incidents reported to the ICO related to solicitors and barristers. That’s 75 out of 1895. Legal sector data security breaches by type in 2015/16 This was a slight decrease of 4% on the previous year. The two main data security issues affecting the legal profession are: Loss and theft of paperwork (27% of incidents in 2015/16) Data being posted or faxed to The incorrect recipient (17% of incidents in 2015/16) 4% of all data security incidents (75 out of 1897) An upward trend throughout the financial year

9 Incidents by data type The information held by legal professionals is often very sensitive; therefore the damage caused by data security incidents is often substantial and could meet the threshold for issuing a financial penalty. The main data protection issues affecting the legal profession are: Loss and theft of paperwork (27% of incidents in 2015/16) Data being posted or faxed to the incorrect recipient (17% of incidents 2015/16) Loss and theft of unencrypted devices (13% of incidents 2015/16) Data being sent by to the incorrect recipients (13% of recipients 2015/16) These issues are reflective of the fact that information handled by legal professionals is often held in paper files rather than secured by encryption. Legal professionals will often carry around large quantities of information in folders or files when taking them to or from court, and may store them at home. This can increase the risk of a data breach. These issues are reflective of the fact that information handled by legal professionals is often held in paper files rather than secured by encryption. Legal professionals will often carry around large quantities of information in folders of file when taking them to or from court, and may store them at home. This can increase the risk of a data breach.

10 Not many examples of law firms themselves receiving CMPs, but these two examples involve internal legal team so the same kind of issues apply

11 Steps you can take Encrypt electronic devices
Adequate physical security Data minimisation Clear policies and procedures Appropriate training Effective access control

12 Data Protection self assessment toolkit
Use our toolkit to assess your compliance with the Data Protection Act and find out what you need to do Data Protection self assessment toolkit ico.org.uk/for-organisations/improve-your practices/data-protection-self-assessment toolkit

13 Questions about various aspects of compliance

14 Produce a traffic light report at the end highlighting the risks

15 Data Protection self assessment toolkit
Quote from a lawyer Data Protection self assessment toolkit ico.org.uk/for-organisations/improve-your practices/data-protection-self-assessment toolkit

16 Advisory Visits

17 ICO guidance

18 Subscribe to our e-newsletter at www.ico.org.uk
Keep in touch Helpline: Subscribe to our e-newsletter at or find us on… @ICOnews

Download ppt "Data protection for law firms Wednesday 13 July 12pm"

Similar presentations

Legal & Regulatory Compliance. Overview What types of information should be included? What issues or problems might there be? What benefits could be obtained?

Legal & Regulatory Compliance. Overview What types of information should be included? What issues or problems might there be? What benefits could be obtained?
Getting data sharing right for every child

Getting data sharing right for every child
BYOD: Privacy and Security Andrew Paterson, Senior Technology Officer.

BYOD: Privacy and Security Andrew Paterson, Senior Technology Officer.
Www.oaic.gov.au Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.

Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.
Audiences NI Data Protection Workshop

Audiences NI Data Protection Workshop
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Information Assurance and Information Sharing IMKS Public Sector Forum 7 February 2011 Clare Cowling, Senior Information Governance Adviser Transport for.

Information Assurance and Information Sharing IMKS Public Sector Forum 7 February 2011 Clare Cowling, Senior Information Governance Adviser Transport for.
Data Protection in Financial Services Are you Seeing the Bigger Picture? 17 September 2008.

Data Protection in Financial Services Are you Seeing the Bigger Picture? 17 September 2008.
HIPAA PRIVACY AND SECURITY AWARENESS.

HIPAA PRIVACY AND SECURITY AWARENESS.
Part 6 – Special Legal Rights and Relationships Chapter 35 – Privacy Law Prepared by Michael Bozzo, Mohawk College © 2015 McGraw-Hill Ryerson Limited 34-1.

Part 6 – Special Legal Rights and Relationships Chapter 35 – Privacy Law Prepared by Michael Bozzo, Mohawk College © 2015 McGraw-Hill Ryerson Limited 34-1.
Data Protection: An enabler? David Freeland, Senior Policy Officer 23 October 2014.

Data Protection: An enabler? David Freeland, Senior Policy Officer 23 October 2014.
Data Protection and Elected Members A Round Table Event From Bradford Council and iNetwork The Banqueting Hall, Bradford 11 th November 2013 Useful links.

Data Protection and Elected Members A Round Table Event From Bradford Council and iNetwork The Banqueting Hall, Bradford 11 th November 2013 Useful links.
Data Protection: What You Need to Know Shauna Dunlop 1 July 2015.

Data Protection: What You Need to Know Shauna Dunlop 1 July 2015.
Information Commissioner’s Office Sheila Logan Operations and Policy Manager Information Commissioner’s Office Business Matters 20 May 2008.

Information Commissioner’s Office Sheila Logan Operations and Policy Manager Information Commissioner’s Office Business Matters 20 May 2008.
Local Government Reform and Compliance with the DPA Ken Macdonald Assistant Commissioner (Scotland & Northern Ireland) Information Commissioner’s Office.

Local Government Reform and Compliance with the DPA Ken Macdonald Assistant Commissioner (Scotland & Northern Ireland) Information Commissioner’s Office.
AIMS To raise awareness of some of the issues To offer advice on solutions To identify what might be considered as ‘best practice’ To launch new Policies.

AIMS To raise awareness of some of the issues To offer advice on solutions To identify what might be considered as ‘best practice’ To launch new Policies.
Information sharing: the view from the ICO Vicky Cetinkaya, Senior Policy Officer, ICO One Staffordshire Information Sharing Protocol launch event Stafford,

Information sharing: the view from the ICO Vicky Cetinkaya, Senior Policy Officer, ICO One Staffordshire Information Sharing Protocol launch event Stafford,
1 PARCC Data Privacy & Security Policy December 2013.

1 PARCC Data Privacy & Security Policy December 2013.
Organizing a Privacy Program: Administrative Infrastructure and Reporting Relationships Presented by: Samuel P. Jenkins, Director Defense Privacy Office.

Organizing a Privacy Program: Administrative Infrastructure and Reporting Relationships Presented by: Samuel P. Jenkins, Director Defense Privacy Office.
Breakaway Session 2: Data Protection and The Role of the Data Protection Supervisor Michael Mingle Director, NTSS Solutions (UK) D ATA P ROTECTION C ONFERENCE.

Breakaway Session 2: Data Protection and The Role of the Data Protection Supervisor Michael Mingle Director, NTSS Solutions (UK) D ATA P ROTECTION C ONFERENCE.

Similar presentations

Ads by Google