From: Law Society Gazette
By Jennie Sumpster
The last piece of substantive legislation to address the issue of data protection dates back to 1998. Sixteen years on, data processing technology has advanced at a record pace and current legislation is no longer fit for purpose. The sheer volume of data held by organisations, coupled with the international nature of our individual online activities, means our data is everywhere and potentially accessible to anyone who has the right tools.
A data loss incident can happen at any time and is never convenient. Whether the cause is internal action or external attack, law firms need to ascertain what they can do proactively to mitigate the risk of data loss. If such an event does occur, proven and tested processes need to be in place for the firm to deal with the issue alongside its day-to-day operations.
If a law firm is unable to demonstrate that it has taken all reasonable steps to protect its systems, not only will it be breaching regulatory obligations, but reputations will also be at risk.
Leave a Reply