- New SRA rules places responsibility on law firms to minimise risk and ensure compliance
- Survey results show a high degree of complacency amongst law firms towards data protection
Oyez Professional Services [1], in association with the Association of Accountants Innovation & Technology Consultants (IAAITC), recently conducted a comprehensive information security survey targeted at law firms across England and Wales.
The results, which have now been published, highlight a worrying trend amongst law firms, which seem to prefer to ignore the risks that their current security programmes expose them to.
Amongst the findings:
- 53% of firms do not give responsibility for security to the firm’s COLP (which the SRA firmly holds responsible);
- 30% of firms are unaware of the regulations under the SRA Code of Conduct;
- 40% of practices believe it is likely or inevitable that they will suffer a breach of information security regulations;
- 60% have already had an incident such as a lost or stolen laptop or file;
- 73% believe employee error is the most likely source of a breach in security;
- 70% of law firms have done either no employee security training at all or no security training in last 12 months;
- 50% of firms have no encryption policy or one that is poorly followed;
- 57% of practices monitor the effectiveness of their information security programme; and
- 63% consider finding the relevant information time-consuming.
Further information is featured in the complete survey results report which can be downloaded, free of charge, from http://www.oyezforms.co.uk/security.asp. [2]
To sum up, firms appear to be running the risk of not complying with legal and professional regulation designed to protect personal data. Lack of proper policy making and evidence-based training, is suggestive of a profession not yet coming to terms with the regulation. Eighteen reported incidents amongst a sample of 30 firms is a worrying statistic that, if projected across all law firms in England and Wales, would mean security breaches are already happening at many thousands of law firms.
To help legal firms meet their responsibilities, regardless of their size or technical requirements, Oyez is offering a free set of entry-level policies and worksheets to get them started. A comprehensive information security subscription service is also available that offers a full set of guidance notes, policy templates, staff assessments and awareness posters, plus an on-going free update service to keep policies and procedures up to date with regulatory changes.
Developed in partnership with IAAITC (the International Association of Accountants for Innovation and Technology Consultants), specialists in information security programmes, the subscription has been developed especially for legal firms to reflect best practice and the latest technical developments.
They also offer information security consultancy via a network of trained consultants, to firms that feel they would like additional support during the planning or implementation process.
Nick Hodges, managing director of Oyez Professional Services, says: “The SRA rules are putting increased demands on many law firms. We know that many of our clients have a requirement for increased information security and we are delighted to be able to offer the first system designed specifically to meet the needs of UK legal professionals.”
Paul Holborow, for IAAITC, says: “The legal profession knows only too well the importance of confidentiality and keeping the personal data it holds secure. The reality though is that many law firms need assistance to help them understand their responsibilities and to put the controls and policies they need in place. Working with Oyez, who have a proven record of service to the legal profession, means that law firms can now easily access the information, expertise and practical tools they need.”