More than 170 law firms were investigated by the Information Commissioner’s Office (ICO) over potential data breaches during 2014, according to data released by the ICO in response to a Freedom of Information (FoI) request.
The information comes months after the ICO issued a public warning to law firms, following a spate of data breaches reported to the ICO involving the legal profession. The FoI request was made by encryption software specialist Egress Software Technologies.
“If you speak to any partner in a law firm, no one would argue [against] the need for information security. So it does not add up why firms are not protecting that client information and taking daily risks. It is only a matter of time before a high-profile firm is fined and the reputational damage that will bring to that firm as clients start to look elsewhere,” Egress Software CEO Tony Pepper told The Law Gazette.
“What today’s revelation demonstrates is the scale of the issue and the number of firms guilty of not providing adequate data security measures in order to protect the highly sensitive client information they manage and share,” he continued.
“For whatever reason, there seems to have been a major disconnect between the priority placed on protecting this data and the consequences of a breach.”
It’s not the first time that Egress Software has used the Freedom of Information Act to extract information from the ICO. In December, it revealed that human error was increasingly to blame for disclosures of personal data, with healthcare organisations topping the list, responsible for half of the breaches.
“Examining reported incidents between April and June 2013, and the same period for 2014, healthcare organisations top this list, with 91 reported breaches increasing to 183 – a staggering 101 per cent increase. In other sectors the percentage increases are equally concerning: insurance 200 per cent, financial advisers 44 per cent and lenders 200 per cent; education 56 per cent; and general business 143 per cent,” stated the company in a press release.
Only seven per cent, it added, were the result of technical failings. “The remaining 93 per cent were down to human error, poor processes and systems in place, and lack of care when handling data.”