Despite what the headline says, the UK barrister who has been fined £1,000 by the Information Commissioner’s Office (ICO) was not penalized for storing client files on her home computer. Careful reading of the article shows that she "failed to keep clients’ sensitive personal information secure" - which could have easily happened in any small or medium-sized law firm here.
Here's what happened:
1. Her husband updated software on the couple’s home computer. This could have easily happened in any law firm; updating software is a standard practice.
2. Information from the computer was temporarily uploaded to an internet directory as a backup during the software upgrade. This would also have happened if the upgrade had taken place in the law firm. At first glance, this would be good practice - back up important data before an upgrade, in case something goes wrong. But unfortunately the backup server was clearly not secure; see next point.
3. Personal information of up to 250 people, including vulnerable adults and children, was visible to an internet search engine in 725 non-encrypted documents. This is terrible and we should all demand to know what software this was, because it clearly did not take reasonable steps to secure personal data. If any law firms are using this software, they are clearly at risk too.
It may have been harsh to penalize this lawyer. Few people would have foreseen, or even been aware, that their data backup would be searchable online!
Your law firm computer isn't any safer than your home computer
This accidental data breach and the resultant fine did not take place solely because the lawyer had stored files on her home computer. It could easily have happened in the law firm as well. While lawyers who are working off-site or telecommuting need to be careful about data security, law firms should also be aware of these risks.