Compliance n. Cooperation or Obedience
Compliance is the act of making sure that what you do is in alignment with regulations and principles – obedient and cooperative.
In the case of a barristers’ chambers, compliance covers your responsibility to protect data privacy and client confidentiality – especially now that data is being transferred to the cloud, and shared over multiple devices electronically.
Any organisation that collects, processes or stores personal data in any way is obliged to comply with appropriate security measures. Regulations and industry standards exist in most sectors to ensure the safety of that data. This is particularly true of the legal sector.
Failure to comply with these security guidelines can mean fines and penalties, legal action and damage to your reputation.
The Data Protection Act requires that data be “kept secure against unlawful or unauthorised processing, or accidental loss or erasure”, “processed in accordance with the rights of the data subject” and “not transferred to a country outside the European Economic Area (EEA) unless that country ensures an adequate level of protection.”
As we outlined in our recent article ‘Who is Responsible for Data in the Cloud?’, you, as the data controller, are responsible for making sure that the appropriate security measures are in place to comply with data regulations and client confidentiality:
“in cloud computing, it will be the cloud customer who will determine the purposes for which personal data are being processed. Therefore it is the cloud customer who will most likely be the controller and therefore will have overall responsibility for complying with the Data Protection Act”
Why is Compliance So Important?
Barristers are obliged to comply with data protection rules as outlined by the Information Commissioners Office, The Attorney General and The Bar Council. The implications of a breach are severe – lost data or a violation of data confidentiality can result in government fines of up to £500,000:
“…you must protect the confidentiality of each client’s affairs, except for such disclosures as are required by law or to which your client gives informed consent”
So How Can We Help?
As we wrote last week, a legal firm’s responsibility to data protection and compliance are much greater, and so require a unique approach. A move to cloud services, too, increases the need to protect personal and confidential client data.
We can help you develop a comprehensive IT security strategy to ensure that your security systems are compliant with data protection regulations. Get in touch today – one of our friendly team will be happy to talk through your options.