Why Is Data Protection Such A Big Deal?
A helpful starting point in learning about your obligations as a barrister is to consider data protection from a personal perspective.
MOMENTARILY FORGET THAT YOU ARE A BARRISTER. THINK OF YOURSELF AS AN INDIVIDUAL.
You, as an individual, have a right to privacy.
For example, you have a right to expect that your doctor treat your medical information with appropriate care.
Imagine how you would feel if anyone could access your most private medical notes – notes about contraception or fertility treatments, depression or mental illness, relationship problems, alcohol or drug addiction, cancer, heart disease, weight issues, hereditary illness. Even though the doctor has seen it all before, to you it is personal and private. How would you feel if your doctor left your medical records where someone else could pick them up and read them?
What about your financial health? How would you feel if anyone who wanted could peer into your bank account? They could see how much you earned, where you shopped, where you went on holiday, how much you paid for your house, how much debt you are in.
Data Protection Law is designed to protect each and every individual from having details which are private to him or her treated with disrespect.
As an individual, the data protection legislation gives you the right to know who is processing information about you and what they are using it for.
In the UK, the Data Protection Act 1998 (DPA) applies to a particular activity – processing of personal data – rather than to particular people or organisations.
As a barrister, throughout the course of the service you provide to clients, you process their personal data. You are a data controller and are thus subject to obligations under the DPA.
As barristers, we deal with personal data on a daily basis. In fact, we are likely to deal with the higher level of data referred to as ‘sensitive data’ – which has a higher risk attached. Exactly what this data is will differ from barrister to barrister depending on your practice area. However, you may well have clients’ dates of birth, medical history, details of allegations made against them, details of criminal convictions or proceedings they are involved in, employment details, their ethnic origin or religious background. These will be contained in your brief in medical reports, criminal records, bank statements, employment records, pleadings etc.
Where you store these papers containing this data will greatly influence how vulnerable you are.
Common places where barristers store or hold this data include a home study, chambers, a desk in a library, the train going to court, a laptop, a mobile phone, and cloud storage sites such as Dropbox or iCloud. The list is long and varied.
WARNING: The more places you store the data, the more places you have a responsibility to keep secure!
Given the large number of places barristers store data, and the fact the data they have is of the most sensitive kind, the risks to a barrister are extremely high.
In fact, barristers are arguably one of the most high-risk types of data controllers that exist.
What Are The Consequences?
If a barrister should have a security breach – even one as simple as losing a set of papers on a train or in a cafe – he or she risks a fine of up to £500,000 in the UK.
This fine will not be paid by chambers or covered by standard professional indemnity insurance; it will be payable by the barrister as the owner of the business. Perhaps even more worryingly, there is potential for criminal conviction for a number of different offences, as well as civil liability.
A breach of security will almost inevitably lead to a hearing by The Bar Standards Board or Bar Council on potential professional misconduct.
It is likely that any enforcement in relation to a breach will be published by the Information Commissioner and reported in the media. Instructing solicitors and clients will question your ability to keep their data secure.
A simple mistake might mean the end of your practice.
The risks are high – all barristers need to take action to protect their practice.
QC Reported To ICO For Breach Of Data Protection
In 2009, A Barrister Breached The Data Protection Act By Failing To Encrypt A Laptop Containing Sensitive Personal Data.
The laptop contained personal data relating to a number of individuals involved in multiple court cases the barrister had been working on. This included details relating to the physical and mental health of persons involved in two of the cases. The laptop was later stolen from the barrister’s home when she was away on holiday. Whilst the barrister had a number of security measures in place at the time of the theft, the ICO found that she failed to ensure that either the device or the sensitive information stored on it was appropriately encrypted.
Could this happen to you? How will you deal with it if it does?
There is no doubt that for any barrister, a breach of security is a nightmare waiting to happen – and each would be well advised to take action to secure their client data as soon as possible.
Briefed has put together an online CPD Masterclass, Data Protection for Barristers: How to protect your practice.
Check availability at www.briefed.io
By Orlagh McGahan BL, CEO, Briefed Industry Platform for Barristers