Post by Fiona Jackson |
During 2014, more than 170 law firms were investigated by the Information Commissioner’s Office (ICO) for potential data breaches. This shows the scale of the data security problem in law firms and potentially across other professional services organisations too. Indeed, the data protection challenge is growing manifold in this digital age and the ICO has already warned barristers and solicitors that a breach of the Data Protection Act 1998 (DPA) could result in fines of up to £500,000.
The fact is that the majority of data protection breaches take place inadvertently, but the consequences can be severe – not just in terms of financial penalty, but more critically by way of reputational damage. If you have Lexis InterAction deployed in your firm, the system can support you in complying with the eight principles of the DPA. InterAction can help you devise and enforce organisation-wide, transparent and robust data protection policies – encompassing areas such as what personal data to collect, how to keep it up-to-date, who should be allowed access it, and so on.
For principle by principle insight into how InterAction can be leveraged for compliance, please review this document.
In addition, do be aware of potential changes either to the law or to its interpretation. In this digital age, as technology evolves and the business environment changes, the ICO will continue to periodically issue guidance and codes of practice in an attempt to ensure that individuals are protected according to the most up-do-date interpretation of the law and its application to new scenarios. Legislative changes to the UK law are also coming in the next couple of years following the reform of the EU data protection Directive, that the UK law implements. Therefore, it’s critical that you comply with the legislation as it stands today – otherwise the complexity of making modifications to accommodate the new Regulation will become much harder.
Please also get in touch with your Client Advisor if you would like to discuss this issue in more detail. This does not constitute legal advice of course, for which it is advisable to seek guidance from a data protection officer or solicitor.