Andy Bevan at Pulsant discusses policy policing
It has been more than a year since the compliance deadline for the General Data Protection Regulation (GDPR) came into effect and we’re now seeing the impact of this new legislation. A case in point is the £183m fine issued to British Airways for a data breach last year. Yes, customers were affected. Yes, BA will no doubt feel the financial impact – but for firms in the legal space the consequences of data loss are even more far-reaching.
Data protection remains critical. This isn’t another article about GDPR. But it is about data – how we use it, store it, transmit it, and who has access to it. In today’s business environment, with increased cyber risk, compliance issues and a change in the way we work, data is more important than ever before.
Law firms need to make sure they’ve got the right processes in place to mitigate risk. They have a duty of care to clients to keep their data confidential, and to employees to make sure they’ve got the tools needed to maintain that confidentiality.
In practice, this means there are three key policies every law firm should develop and implement:
1. An email usage policy – governing how emails are used, what data can be included, and what needs to be encrypted
2. An internet usage policy – that includes technical controls to protect against the spread of malware and access to questionable sites
3. A data-protection policy – which will be specific to the different types of data used within the firm, how they’re stored and how they can be transmitted...