Mitigating information and data security risks—law firms
Produced in partnership with DG Legal
Mitigating information and data security risks—law firms

The following Practice Compliance practice note produced in partnership with DG Legal provides comprehensive and up to date legal information covering:

  • Mitigating information and data security risks—law firms
  • Layered approach
  • Policies and procedures
  • Securing and protecting data in the office
  • Securing data on-the-move
  • Using security software
  • Staff awareness and training
  • External contractors
  • Minimising data
  • Additional steps

Mitigating information and data security risks—law firms

You must take appropriate technical and organisational measures against unauthorised or unlawful processing of, and accidental loss of or damage to, personal data.

Not all information security breaches are IT related—human error is also great threat.

The implications for your business of any loss of confidential data, however incurred, can be severe:

  1. loss of your own data can prejudice your ability to complete work and is likely to increase the chances of error and omission claims

  2. loss of your clients’ data is very likely to lose you clients, damage your reputation and any loss of confidential data is likely to impact on your bottom line

  3. significant fines can be imposed by the Information Commissioner's Office (ICO) under the data protection regime

This Practice Note considers practical steps you can take to seek to improve and maintain information and data security. See further our Precedent: Information security review—law firms, that contains links to relevant precedents and guidance in Lexis®PSL Practice Compliance, to help you get and keep your systems in shape to ensure your and your client's data is secure.

Layered approach

Guidance from the ICO suggests that, rather than rely on a single tool or product to minimise the risk of information security breaches, firms should consider having a layered approach, combining a number of different security measures.

The idea is that if one

Popular documents