Identifying information security risks—law firms
Produced in partnership with DG Legal
Identifying information security risks—law firms

The following Practice Compliance practice note produced in partnership with DG Legal provides comprehensive and up to date legal information covering:

  • Identifying information security risks—law firms
  • Identifying what information you hold, manage or are responsible for
  • Classes of information
  • What information is held by the firm and where?
  • What is actually done with it: processing
  • Identifying and mitigating information risks
  • Securing information and data

Identifying information security risks—law firms

This Practice Note is intended to help you:

  1. identify the information and data that your firm holds and that your firm is responsible for (sometimes called your information assets)

  2. determine the associated risks (the information risks)

  3. consider how information risks can be mitigated or removed altogether

The amount of time spent identifying and managing information and associated risks will vary from firm to firm and will depend on many factors such as the size of the firm and the degree to which it holds and processes information and data, including personal data.

Identifying what information you hold, manage or are responsible for

There are a number of management tools you can use to assist you to identify what information you hold and are legally responsible for.

One example of a management tool is an information audit.

An information audit is a process through which you:

  1. identify and consider all of the information you hold (or are responsible for), and

  2. consider how and why the information is processed

To undertake an effective audit, you need to consider each class of information you hold and, for each class, determine:

  1. what information is held

  2. why it is held

  3. how it is held and where, and

  4. what is actually done with it

Once the audit is complete, you will be in a position to

Popular documents