The Information Commissioner’s Office (ICO) published GDPR: One year on. Its regulatory priorities going forward include a number which may affect law firms to varying degrees: cyber security, artificial intelligence and machine learning, and (depending on their client base) freedom of information.

The ICO has also published its Audit Report on the Legal Ombudsman (LeO). This contains some potentially useful pointers for law firms. The issues identified included:

  • physical security in LeO’s main office and their third party document storage,
  • failure to dispose of records in accordance with their document retention schedule,
  • lack of a data flow map recording all processing activities,
  • deficiencies in information asset registers,
  • lack of assurance from their IT provider in relation to network management, including anti-virus and anti-malware protection, and
  • training deficiencies.

We advise many firms on data protection issues, including data breach reporting. Causes of data breaches remain unchanged: letters in the wrong envelope (including two letters stuck together), files left in taxis and emails sent to the wrong person. An illustration of the dangers of email autofill addressing appears in the case of Advertising Standards Authority Ltd v Mitchell [2019] EWHC 1469 (QB).

Links to the above documents here
