72 legal data breaches escalated to the Information Commissioner’s Office in 2014
A Freedom of Information request has revealed the number of data breaches reported to the Information Commissioner’s Office (ICO) during 2014. A total of 72 incidents came to light in which private data was mistakenly made available to the public by legal firms. The incidents included flaws within internal systems, poor processes and human error. Some of the key stats are summarised below:
The most common source of breaches was data being mailed, faxed or emailed to the wrong recipient in error. These simple human mistakes accounted for almost a third (23) of the incidents;
Closely following this was the loss or theft of physical paperwork. These breaches accounted for 21 of the incidents;
Devices holding unencrypted information passing out of the legal firm's control were another prominent cause of breaches (11);
Interestingly, malicious hacking accounted for only one incident all year.
Paul Doble, chief sales and marketing officer at DX, an independent secure mail operator for the legal industry, comments:
“With the exception of certain civil servants, there is arguably no other profession that has quite as much responsibility for handling confidential information as the legal sector; an issue compounded by the fact that the information often belongs to other companies and interests. As such, the pressure on the legal industry to become watertight where private data is concerned is mounting. Security is particularly hard to guarantee and track with information on physical documents, and is easily compromised as documents pass through the UK’s mainstream mail networks. Whilst legal firms focus increasingly on cyber security, thought must also be spared for the secure transit of physical information. Sending documents through a secure postal network is a sure-fire way to stop unencrypted information falling into the wrong hands.
Perhaps the biggest surprise revealed by the Freedom of Information request is not the quantity of breaches being reported, but the nature of the causes. Far outweighing hacking is the prevalence of human error, with accidental disclosures through mis-sent communications providing the leading cause. Email in particular is an undeniably necessary communication medium in today’s working world, but firms need to ensure they are doing the minimum due diligence required to ensure that confidential information can’t be shared with the wrong person or left vulnerable to attack.
In addition to providing this vital protection, email encryption can also provide the missing piece in the jigsaw that law firms need to satisfy industry regulators, as it will allow them to demonstrate that they are compliant with the latest data protection regulations.”