ICO Sounds the alarm over

escalating levels of law firm

data breach

Rather than issue financial penalties, the Information Commissioners

Office (ICO) has opted for a subtler approach to law firm data breach. The
information watchdog has the power to issue fines of up to 500k for
serious breaches of the Data Protection Act but has chosen instead to
issue a warning and reminder to law firms instead. This warning shot
across the bows comes after fifteen breaches over three months from
UK law firms.
The ICO has had its fair share of criticism when it comes to issuing financial penalties; many of those
critics cite the bias toward public bodies that have been singled out for fines. But this is a clear warning
that the ICO has the personal data handlers of all sectors in its sights and fifteen breaches in three
months is surely a trend that needs halting immediately.
Without a doubt, some of the information collected, stored, managed
and deleted by law firms has to be among the most sensitive and
personal of all data. The need for solicitors and barristers to be paragons
of data protection virtue is clear. We are experiencing rising levels of
cybercrime, fraud and hacking but there is also increasing awareness of
how to report it and businesses are now looking to the law to support
them and gain legal redress when their own or their supply chain data is breached or hacked. So the
implications are far reaching; not only from the perspective of the data subjects who may be breached
by their solicitors information handling practices, but from the commercial considerations for solicitors.
Not only could they be facing an eye-watering and potentially practice-closing fine, but even a smaller
fine or ICO notified undertaking could result in loss of credibility and therefore business.

Copyright Advent IM 2015