With Data Privacy Week spanning from 24th – 28th January, Briefed want to join the international effort to create awareness about data privacy and the pitfalls affecting the legal industry.
Throughout 2023, we advised organisations across the UK on dozens of data breaches. The vast majority of these breaches came from simple human errors that can happen to anyone, but it is vital to know that when small mistakes do occur, what action needs to be taken.
Your first step is to contain the breach and take steps to make sure it can’t happen again. You can do this by assessing the severity of the breach, checking:
The ICO states that it is crucial when dealing with a breach, that the commercial considerations of the organisation never outweigh the obligations to protect individuals. The principle of protecting individuals’ data is of the utmost importance.
In light of this, if you feel that any of the following are a possibility as a result of a data breach, you must notify the individual concerned so they can take any necessary mitigating action:
Similarly in recent years, we have seen a notable increase in the number of Subject Access Requests (SARs) received by chambers and other organisations. There could be a host of reasons why this surge has occurred, however it can be attributed to the ever-growing emphasis on data protection in public consciousness.
Three specific groups have emerged as the main contributors to the bulk of recent subject access requests:
Dissatisfied Clients – Often, an overly litigious client who is frustrated with the result of their case will make a SAR in an attempt to find a fault.
Rejected Candidate/Pupillage Applicants – SARs are now increasingly being used as a means of obtaining interview notes, feedback and internal correspondence relating to an individual’s application.
Former Employees or Barristers – More ex-employees are seeking copies of all documentation that references them, thus creating a considerable admin task. It can take weeks to sift through countless emails and documents in attempts to fulfil their request.
Clarify the request:
Is the request actually a SAR – they have no specified format and may not even use the words ‘Subject Access Request.’ Also identify the individual making the request. You can do this by requesting photo ID, ensuring you are sure about their identity before sharing personal data.
Act immediately:
You have one calendar month to respond to the SAR in full.
Consider third parties:
You may need to check what information other parties you regularly share information with hold on the data subject. Also consider whether the requested documentation contains personal data of third parties – have they consented to this being shared?
Seek professional advice:
As a result of this notable increase in SARs, Briefed are now offering a Data Protection Officer (DPO) support service. With this service, we will be able to aid you in navigating any queries you may have regarding GDPR, SARs or data breaches.
We offer specialist assistance and advice, including:
If you would like further information on how we can support you with these issues, feel free to contact us by email at hello@getbriefed.com or contact us on 028 9621 634.
Briefed launches Honesty Box Initiative, delivering expert training and advice from barristers at a price charities...
Networking is essential in the legal industry, and it is an art that requires skill, patience, and dedication. Effective networking can help...