Conveyancers need to rethink how they handle personal data
Whether working for a solicitor’s office or as an independent conveyancer, one of the universal principles of the legal industry is the need to maintain confidentiality. Property transactions, by their very nature, necessitate the handling and sharing of a wide array of private and sensitive information; the majority of which will, at one time or another, pass through the office of the conveyancer. Without the ability of the conveyancer to keep that information secure, confidentiality cannot be ensured; thus the essential trust between client and the service is threatened.
In the wider world of law, many recent news reports have highlighted a series of data breaches in which lawyers have failed to protect private information, resulting in ominous warnings from the Information Commissioner’s Office (ICO). Such breaches can bring severe consequences for both the client and law firm, meaning that crucial steps must be taken to ensure information is securely handled and stored.
The challenges of physical vs. electronic data
Historically, the safest way to transfer information between conveyancers and their clients has been by physically moving the documents via a secure courier. This use of physical documents, whilst still a fundamental part of many property transactions – even with the growth of electronic communication – can lead to security breaches when documents are not transported securely. Chris Graham, the Information Commissioner, recently stated that 15 complaints had been filed to the ICO against legal professionals in the previous six months, all related to files and private data that had been lost or accidentally shared with third parties. Several of these complaints surrounded the mishandling of physical documents, which were found to be regularly transported in briefcases, left in vehicles overnight, or stored in individuals’ homes — all of which pose obvious security risks.
Following this series of breaches, the ICO publicly stressed to the legal industry the importance of tightening security measures and also published top tips on how to handle data proficiently. This included advice to legal professionals to consider the form of protection necessary when sending files, depending on their content, and only to transport sensitive data when essential. The warning echoes the words of a similar caution from Edward Snowden in July 2014, when he urged lawyers, accountants, and other professionals handling personal data to update their confidentiality measures. In particular, he warned that the ongoing development of new cyber platforms and technologies meant that digital communications were no longer safe from infringement or privacy breaches.
However, findings from DX’s 2014 Legal Survey — which questioned individuals working in legal departments and law firms in the UK to gauge their attitudes, concerns and current working practices related to data protection — demonstrated that security concerns are not limited to solely electronic or solely physical information, but rather both types of documents are perceived to be at risk from security breaches. Nearly six out of 10 (57%) of the legal professionals surveyed believe that non-encrypted emails pose the greatest risk, with 55% of those questioned aware of emails being sent to the wrong addresses and potentially revealing confidential information.
The next level in data protection
Statistics showing that over half of legal professionals have witnessed communications accidentally ending up in the wrong hands are particularly concerning for firms, given the regulatory context.
The EU’s General Data Protection Regulation is due to be finalised in the next 3-6 months, and under these new rules conveyancers will be bound by a legal commitment to treat all client information with a sensitivity and care beyond that previously regulated, particularly when it comes to electronic data.
For conveyancers, the increased threat of large fines under the new rules (up to 5% of worldwide turnover) means that sensitive data must be treated even more carefully, with companies encouraged to err on the side of ‘safe’ rather than ‘sorry’. A firm’s individual data security policies — from email encryption through to document tracking — will become increasingly important as a means of safeguarding against both reputational catastrophe and severe financial punishment.