—
The Data Protection Act was first introduced in 1988 and amended again in 2003. The main purpose of the Act is to protect personal and sensitive data that companies and organisations may have regarding employees, clients or patients – basically anyone that holds any details about individuals may be subject to the DPA.
The data can be held in a physical hand written format or electronic data capture, either format may still be subject to the DPA.
In many organisations the security of data is not seen to be a business critical function. However in a recent disclosure by the Information Commissioners Office (ICO), it states that a worrying number of law firms were investigated for breaches of the DPA in 2014. The research highlighted a total of 187 incidents were recorded, with 173 law firms investigated for various data breaches, of which 26% related to incorrect ‘disclosure’ and over 29% related to ‘security’ issues.
These figures highlight the lack of data security measures being applied to highly sensitive information shared and managed by law firms.
The Information Commissioner Christopher Graham has this to say ” It is important that the alarm is rang at an early stage to make sure this problem is addressed before a barrister or solicitor is left counting the financial and reputational damage of a serious data breach”
Another alarming statistic from a recent survey from law firms suggest that a startling 89% of law firms use un-encrypted emails, as the primary source of communication. And that 77% of solicitors rely on the confidentiality statement to secure communications, and nearly half admitted using free cloud based file sharing software such as Dropbox to transmit sensitive information.
These statistic are very worrying for a number of reasons:-
The data either sensitive or not, is not secure and may be in breach of the DPA.
The financial penalties in the event of a serious security breach can be business critical.
And also the damage to a business brand can be severely compromised.
All these issues are real and very alarming to the law firms, however does this impact on any other business sector?
The law firms are managed by educated and knowledgeable individuals and from the above statistics, the firms are failing to secure data and put the business at financial risk. It is therefore also very worrying that other commercial businesses in various sectors also will be at great risk of being in breach of the Data Protection Act.
Philip Hodgson Managing Director of Smile Data Security Ltd commented: ” These statistics are frightening, the people that are fully equipped to understand, and in some cases represent companies for data breaches are themselves not adhering to the DPA. The DPA is in my opinion becoming more and more high profile, and it will continue to strive to protect sensitive data. Companies and organisations need to respect the DPA and commit the necessary resources for implementing procedures and policies to protect their business, and make available the financial budget to ensure data is fully protected.”
Release ID: 80771