Most lawyers by now are enjoying the benefits of added productivity from mobile devices. Mobile allows lawyers to reply instantly to email and view and amend documents on the go.
It allows chambers to be more responsive, dutiful and to improve the service that they provide to their clients.
Using mobile, though, comes with significant risks – risks that must be mitigated when dealing with confidential documents deemed ‘sensitive’ under the Data Protection Act. The most obvious risk, of course, is losing a tablet full of sensitive work emails and client documents. The consequences are serious, and can result in severe civil penalties from the Information Commissioner.
Lawyers are required to safeguard client confidentiality in accordance with CD6 and rc15.5, and it is not unheard of for carelessness with sensitive materials resulting in six-figure penalties!
There are ways that you can minimise the risk, and ensure that work done on a mobile device meets compliance regulations as set out by the Bar Council, the Information Commissioner and the Attorney General’s Office. Here is our advice on good practice for barristers and legal professionals for mobile security:
- Choose a secure and memorable password for your phone or tablet.
“Passwords used to access computers or encrypted data should be at least 9 letters or more in length and should contain at least three out of the four keyboard symbols (upper case; lower case, numbers and symbols).”
- Minimise the amount of material stored on your phone and the length of time that you keep it there.
- Install a remote-wipe application, so that if you device is lost or stolen, you can quickly remove sensitive or confidential material.
- Encrypt your device, either with in-built software or by downloading an app.
- Be careful when using insecure wireless networks out and about. On insecure networks, hackers can intercept emails and steal your passwords.
“Counsel should use CJSM to send and receive RESTRICTED material by e mail.”
Individual organisations will have their own security guidelines, and some will provide email addresses and networks compliant with them. These 5 steps are a good foundation to work from, though. If you are carrying out work for government departments like the CPS or MOJ, you may have to get your mobile device approved or installed with special encryption software.
For more information, read the Attorney General’s Security Guidelines. If you want to guarantee that your Chambers’ networks, mobile devices and IT systems are secure and compliant, get in touch! We’ll be happy to carry out a full security audit and suggest actions going forward.