ALL LAWYERS PLEASE FAMILIARISE YOURSELF WITH THE INFORMATION COMMISSIONER’S WEBSITE NOW. Look in particular at the section on “What we cover > Taking Action” and the two Money Penalty Notices issued so far. WORRIED?
I’d like to meet one lawyer, one firm, one set of chambers that genuinely thinks it is not vulnerable to this kind of data breach and subsequent eyewatering fine. I’m pretty serious about confidentiality and consider myself relatively switched on about these things, and of course data protection is serious, especially in my line of work. BUT…I’m not sure the Information Commissioner is living in the real world. Total security is an unrealistic and unachievable expectation.
As I understand it the Commissioner’s approach to the security of legal papers is that any such papers should never be left in a car unattended (even on the forecourt whilst you pay for your petrol), and should only be left unattended at home if in a locked cabinet or if the property has a burglar alarm. Extrapolating from this what else might also be unacceptable, and imagining how this would impact on practice at the bar if implemented to the letter is an uncomfortable exercise. To give but one example: is it okay to leave your suitcase full of papers in the luggage rack of the train if you cannot sit directly next to it?
The Money Penalty Notices are a relatively new power and clearly the Commissioner is putting down a marker. It remains to be seen how they will be used in cases relating to data loss or disclosure by an individual or very small organisation without the resources of a public body like Herts CC (fined £100k). It is unclear if Bar Mutual Indemnity Fund will offer protection to individual barristers in such cases.
I suspect that we will be hearing more from our great leaders on this in due course.
And a lot of security procedures in a lot of chambers and solicitors firms will have to be revised, beefed up, enforced.