Blog
ICO regulatory update: The only constant is change Spring 2023
Emily Carter
Our first hand understanding of the specific challenges which data processing, privacy and privilege bring within law firms, means we can advise you in a commercial and pragmatic way while ensuring you operate safely within the law. Based upon many years’ experience of compliance, investigations and litigation in these areas, our specialist information lawyers provide incisive advice concerning data, privacy and privilege issues in the most highly sensitive of circumstances.
As the volume and complexity of data rapidly increases, law firms need to maintain their data processing frameworks to both comply with the UK data protection laws and enable their clients’ confidential, sensitive and privileged information to be handled with safety and confidence. As risks increase, preparation for and response to data breaches and cyber-attacks must remain front of mind for all law firms. When disputes arise, data subject access requests are made, or other privacy or privilege issues require consideration, law firms can be left walking a legal tightrope. We can assist you with:
Data breaches and cyber-response
The financial and reputational damage caused by a data breach can have devastating consequences for law firms. Dealing with a data breach of any nature involves complex considerations. Our data breach solicitors can assist you from the moment that a breach is first identified to the conclusion of the legal processes which may follow.
Cyber-attacks are a sad fact of life for law firms in the current climate. Every law firm should proceed on the basis that it is when, not if, they will suffer an attack. Firms of all sizes, practice types and locations are at risk. We can assist law firms with their cyber-preparedness from formulating disaster recovery plans, running mock breach exercises (‘war-gaming’) and providing bespoke training at all levels of the organisation. When an attack happens we can assist with the short, medium and long-term response including advising on legal, regulatory, reputation management/comms and litigation outcomes.
Investigations and litigation
We regularly provide ‘cradle to grave’ data protection and privacy advice through the life of an investigation, from the initial allegation to final report. We can assist you to identify and mitigate risks associated with specific challenges associated with sensitive internal investigations, including maintaining security and confidentiality. We have extensive experience dealing with requests from the SRA, Police or other investigatory authorities, as well as data subject access requests (DSARs) from those involved in the investigations.
Data subject access requests (DSARs)
Law firms are receiving increasing numbers of data subject access requests (DSARs) from clients, opponents and staff members, especially where a dispute has arisen. Given the increasing volume and new modes of communications, as well as additional concerns in relation to client confidentiality and privilege, we can work hand in hand with you, providing clear advice and practical support in identifying and reviewing responsive data, and applying relevant exemptions. We offer tailored solutions meaning we can provide an ‘advice only’ service if that is all that is required through to a complete DSAR response service involving the review, redaction and disclosure of materials.
Legal professional privilege (LPP)
The law relating to legal professional privilege is complex and constantly evolving, and the consequences for law firms that fail to protect their clients’ privilege can be significant. Whether dealing with a criminal investigation, regulatory matter, data subject access request or internal investigation, law firms require expert advice on how to navigate this area of law to ensure that their clients’ and, in some cases, their own privilege is protected and not shared with third parties unless authorised. Our specialist lawyers are experts in the law of LPP and can assist regardless of the context in which privilege issues arise.
UK GDPR compliance
We can identify gaps in your existing UK GDPR compliance measures, and support you in meeting your data protection obligations, including when introducing new data processing tools and technology. We regularly advise upon fair and lawful processing, privacy notices, data processing agreements and international transfers. We can also advise upon developing areas of compliance relating to employee surveillance and automatic decision making.
Please read our GDPR Compliance page for more information about the services we offer in this area.
ICO investigations and enforcement
We have extensive experience supporting organisations investigated by the ICO, including within the legal sector. We can advise upon compliance with Information Notices and requests for interview, as well as the statutory enforcement process. In the event of ICO enquiries, our depth of experience within regulatory spheres ensures you have the best possible advice to navigate inherently challenging issues.
We offer bespoke training, tailored to suit your requirements, on all of the topics listed above.
You may also be interested in:
Law Firms - Data Protection, Privacy & Privilege Insights
Blog
Data: A New Direction - Research, Re-use and Responsibility
Emily Carter