Losing client data ‘can destroy reputation and trust’

By Jerome Doraisamy | 12 February 2019

In the wake of findings that the legal sector is the second-most breached sector in Australia, the COO of a cloud-based email management company has reminded the legal profession that effective management of client data is integral to the continuity of any legal practice.

According to the latest Office of the Australian Information Commissioner report, the Australian legal sector is the second-most breached sector, after the healthcare industry. Moreover, 33 per cent of all reported breaches were a result of human error.

Since the Notifiable Data Breaches (NDB) scheme came into effect last February, the legal sector has consistently remained in the top three breached sectors in all quarterly reports, noted Mimecast COO Ed Jennings.

“Due to the value and sensitivity of client data, it continues to be highly sought-after by cyber criminals. As every legal firm knows, the privileged information they hold on behalf of clients, and exchange in correspondence, is particularly sensitive and it is imperative that legal professionals and clients can securely share and store this information,” he said.

“Client data management is integral to the continuity of any legal practice and, if breached, can destroy reputation and trust.”

The report from the OAIC also raises real questions for the legal sector as to why it features so prominently compared to other industries, he posited.

“From our analysis and other research that we see, it’s because these organisations manage trusted, high-value information on behalf of their clients. Naturally, this is of interest to criminals looking to gain client information as well as commercial and trade advantage through theft.”

When asked about what more lawyers and firms need to do to decrease risk, Mr Jennings said that, for the most part, legal professionals understand their obligations under the Notifiable Data Breach scheme and the European Union’s General Data Protection Regulation.

In a world where cyber attacks have become the norm, he mused, law firms “must remain vigilant and adopt crucial security practices” as part of their fundamental business practices.

“When it comes to managing mass amounts of sensitive client data and adhering to global data regulations, law firms need to think beyond traditional, defence-only security and implement a holistic plan,” he explained.

“The plan must embody advanced security, continuity and data protection and every legal organisation should be able to demonstrate that they have proper controls over the processing and security of personal data, including how it is stored, kept up-to-date, accessed, transferred and deleted.”

“We are seeing an increasing number of legal practices investing in cyber security awareness training and embedding it into the culture of the organisation. While the consequences are known, the stakes are higher for law firms whose businesses rely on the trust and privileged information they hold.”
