December 2, 2014

A surge in the number of information security breaches involving barristers and solicitors should act as a warning to the North East legal profession to take data protection seriously.

That’s the view of Paul Holborow, head of RMT Technology, the specialist technology division of RMT Accountants & Business Advisors, after the Information Commissioner’s Office (ICO) revealed that 15 incidents involving legal professionals had been reported to them in just the last three months.

The ICO is the UK’s independent authority set up to uphold information rights in the public interest, and can impose penalties of up to £500,000 for a serious breach of the Data Protection Act, depending on the damage or distress that a breach might cause to affected individuals and companies.

And with barristers and solicitors often handling sensitive information in both electronic and hard copy formats, the impact of any security issues is likely to be significant.

Paul Holborow is advising legal professionals to follow a simple set of rules to minimise the chances of any data breaches arising.

He says: “In most cases, ICO penalties are issued against companies or public authorities, but as barristers and solicitors are generally classed as data controllers in their own right, they are legally responsible for the personal information they process.

“The information handled by legal professionals is often very sensitive, meaning that the damage caused by a data breach could meet the statutory threshold for issuing a financial penalty, and the fact that they will often carry around large quantities of information in folders or files that are being used in court, and may well store them at home during case, can increase the risk of a data breach.

“The potential impact of such a breach is not just financial, and could cause real reputational damage to a barrister or solicitor as well, but by following a set of simple measures, the chance of significant problems arising can be greatly reduced.

“Paper records should be kept secure when in use and locked safely away when not required, and wherever possible, personal information should be stored on an encrypted memory stick or portable device, which means that it will be virtually impossible to access it, even if the device is lost or stolen.

“Implement data minimisation techniques wherever possible, so that you are only carrying information that is essential to the task in hand, and if you’re sending personal information by email, consider whether it needs to be encrypted or password protected, as well as always ensuring that you double-check it’s being sent to the right email address.

“Only keep information for as long as is necessary, deleting or disposing of it securely when it’s no longer needed, and if you’re getting rid of an old computer or other device, make sure all of the information held on it is permanently deleted before disposal.”

RMT provides the full range of financial and business advisory services through its Specialist Tax, IT & Technology, Recovery & Insolvency, Corporate Finance, and Medical & Healthcare divisions. For more information, please visit


Our key focus is outstanding client service. We are always on the look out for high quality team members in the following areas…

If you would like to be part of a progressive, growing practice please upload your CV here.

  • Accepted file types: pdf, doc, png.
  • This field is for validation purposes and should be left unchanged.