The recent case of former lawyers at ACS: Law being served with a penalty after leaking personal data has put the data security policies of law firms under the microscope.
Although many legal practices are conscious of their confidential data responsibilities and have data protection policies in place, more can still be done. In May, the data controller of the former law firm ACS: Law was served with a penalty of £1,000 after the personal details of more than 8,000 Sky broadband customers, 400 Plusnet customers and 5,000 Britons were exposed in 2010.
Law firms deal with vast amounts of highly confidential data because of the nature of their business and must be vigilant against data thieves.
The Information Commissioner’s Office is now imposing fines of up to £500,000 on law firms found guilty of breaching the Data Protection Act by exposing personal information. Anthony Pearlgood, commercial director of national shredding company PHS Datashred, and former Chairman of the BSIA’s Information Destruction section, said: “Law firms must keep strict control over the vast amounts of highly confidential data they deal with. The nature of their business means they have a duty to destroy confidential data.”
Tips to prevent data leaks in law firms
Create a confidential data policy – if you don’t have one already you are already in the high risk category for being a victim of data theft.
Store & dispose of data safely – don’t assume that binning it is the end of the matter. Criminals often rifle through bins in car parks where confidential data has been poorly disposed of.
Destroy data properly – arrange for a properly accredited company to help store, collect and securely destroy information. Ensure you know where your data is heading. Even better, have your data destroyed on site, using a mobile shredding vehicle and watch the destruction.
Check identities – use credit reference agencies to verify the identity of your preferred suppliers.
Secure your accounts – don’t allow bank details to escape into the public domain. Thieves are adept at falsifying signatures.
Inform staff – train staff on how to deal with confidential data properly and monitor their behaviour. Remember, most fraud is committed by people who work within the organisation.
Beware of carrying large amounts of confidential data on unencrypted laptops, data sticks or mobile devices such as Blackberrys and iPhones. These small portable gadgets are magnets for thieves who can exploit your confidential information.
A new study from Protiviti, the global business consulting and internal audit firm, reveals that the majority of UK employees have not been provided with clear guidance on using social media networking sites. Of those with access to social media in the workplace, almost 39 percent indicated that there is no policy in place regarding social media networking and a further 24 percent are unaware of any such policies.
Protiviti says companies without adequate social media policies are placing themselves at risk of security breaches and reputational damage, among other issues.
Social media usage in the workplace has grown enormously in recent years, with more than half (51 percent) of workers surveyed now claiming to engage with a social networking site whilst at work.
Almost a third (30 percent) of workers use sites such as Twitter, Facebook and LinkedIn on a daily basis, while more than 5 percent do so several times an hour.
Workers aged 18-24 years are the most regular users of social networking sites, with one in five (21 percent) claiming to engage with them several times an hour.
Protiviti believes that a generational divide in the workplace poses a threat to firms, with senior managers often unaware of whether their company’s HR and IT policies are adequate.