4 easy ways to protect client information and avoid a fine

As we commemorated the outbreak of World War One it brought to mind the posters that sprang up in World War Two with the words: “Walls Have Ears”. It might be a good mantra for law firms and their employees to bear in mind today. While careless talk may not cost lives, it could be expensive.

The Information Commissioner’s Office (ICO) has recently published a warning to barristers and solicitors to keep personal information secure, with threats of monetary penalties of up to £500,000 for the most serious breaches of data protection legislation. The warning follows a number of data breaches reported to the ICO involving the legal profession.

But it’s not just the ICO lawyers have to worry about – the SRA and Bar Council are clear that client confidentiality is a key requirement. The Law Society has also published a Practice Note on information security.

So what can you do?

1. Do not talk about work in public

In fact, consider not working in public at all – whether using a tablet/laptop or paper copies of work. I was recently joined on a train at Clapham Junction by a lady who proceeded to read “commercially sensitive” documents. She was completely oblivious to the fact that I could have taken a photo of the top page on my mobile phone and could easily have uploaded the picture to Twitter or another social network if I had been so minded. As well as being overheard or overlooked, you could easily leave behind files, bags, or USBs etc. It is easy to do, so ensure you take care with sensitive and confidential files.

2. Be aware of the pitfalls of social media sharing

Do you share the places you visit with LinkedIn and/or Twitter followers? Could people put two and two together? It won’t always be obvious, but if for example you are visiting a telecoms client in Newbury, perhaps you should not mention it on Twitter, as it does not take much to work out you are (probably) visiting Vodafone. It may be that there has been some speculation concerning that client, so if you say that you are off to where that client is located, and it is well known that your firm advises that client, a journalist may well prick their ears up and start rummaging.

3. Remember to encrypt all confidential information

Make sure that computer systems are password protected and that sensitive files are subject to further security. If you send CDs, USBs etc. through the post to clients, consider encryption. If you send hard copy documents in the post, consider whether you should be sending them at all – or whether there is a safer way of getting the information to your client.

4. Dispose of confidential waste and sensitive documents according to company procedures

What happens when you work on sensitive documents at home – are you shredding them or just throwing them in the recycling bin? Have your law firm’s confidentiality clauses for employees been reviewed recently? What are the procedures for employees that leave the firm? If you use personal mobile devices for work what are the protocols for their use?

The key issue is not to put your faith in technology – human error is more likely than a lapse in IT security. Common sense is the best defence.
