Legal professionals may face fines of £500,000 warns ICO

Members of the legal profession could face fines of up to £500,000 if they do not keep personal information secure, the Information Commissioner’s Office (ICO) has warned.

The ICO has received increased reports of data breaches involving the legal profession.

With barristers and solicitors generally classed as data controllers in their own right, they are legally responsible for the information they process and could face penalties usually levied on companies or public authorities.

Anything deemed to be a serious breach of the Data Protection Act that could cause substantial damage or distress to those affected is punishable with a fine of up to £500,000.

As legal professionals often carry large quantities of information when going to or from court, and some even store it at home, the risk of a data breach becomes higher.

Information Commissioner, Christopher Graham, said: “It is important that we sound the alarm at an early stage to make sure this problem is addressed before a barrister or solicitor is left counting the financial and reputational damage of a serious data breach.”

The ICO has published the following tips to help barristers and solicitors keep the personal information they handle secure:


  1. Keep paper records secure. Do not leave files in your car overnight and lock information away when not in use.
  2. Consider data minimisation techniques in order to ensure that you are only carrying information that is essential to the task in hand.
  3. Store personal information on an encrypted memory stick or portable device. If the information is properly encrypted it will be virtually impossible to access, even if the device is lost or stolen.
  4. When sending personal information by email consider whether the information needs to be encrypted or password protected. Avoid the pitfalls of auto-complete by double checking to make sure the email address you are sending the information to is correct.
  5. Only keep information for as long as is necessary. You must delete or dispose of information securely if you no longer need it.
  6. If you are disposing of an old computer, or other device, make sure all of the information held on the device is permanently deleted before disposal.


The ICO is currently working with The Bar Council to update the Information Security Guidance provided to Barristers in England and Wales.

Guidance on security measures that should be in place when handling personal information can be found on the ICO’s website here:

The ICO has published a blog explaining encryption and the options available to barristers and solicitors here:

Today's Conveyancer