New research exposes law firms' disregard for data protection

A recent Freedom of Information request carried out by the Information Commissioner’s Office (ICO) has revealed that 173 law firms were responsible for breaching the Data Protection Act in 2014, with 187 incidents recorded.

The study further shows that, of these incidents, 29 per cent related to security and 26 per cent related to incorrect disclosure of data.

Egress Software, the company that released the findings, said that these figures demonstrate a worrying lack of care and security, citing a warning from Information Commissioner Christopher Graham in August 2014 stating the importance for law firms “to sound the alarm at an early stage to make sure [the] problem is addressed before a barrister or solicitor is left counting the financial and reputational damage of a serious data breach.”

Results of the ‘2014 Law Firm File Sharing Survey’ also showed that 89 per cent of law firms use unencrypted email as the primary means of communication. Moreover, of the 77 per cent of firms relying on a confidentiality statement to secure communication, nearly half admitted to using free cloud-based file sharing services such as Dropbox to transmit ‘privileged information’.

The Law Society issued a practice note warning that the use of cloud computing services in law firms could break the Data Protection Act.

“What today’s revelation demonstrates is the scale of issue and the number of firms guilty of not providing adequate data security measures in order to protect the highly sensitive client information they manage and share.

“For whatever reason, there seems to have been a major disconnect between the priority placed on protecting this data and the consequences of a breach,” Egress CEO Tony Pepper said.