Firms should definitely take notice of a new certification scheme for legal services backed by the Information Commissioner’s Office, a cyber law specialist has said.

The ICO announced this week that it had approved a legal services operational privacy certification scheme, which would provide law firms and barristers’ chambers with certainty that they are adhering to data protection standards when processing sensitive personal data.

However, solicitor Peter Wright, managing director of cyber law specialist Digital Law UK, told the Gazette that the certification scheme is not just for law firms but applies to all legal services providers, and could become a 'key plank' of supplier due diligence.

Wright said: ‘If you have got a company providing services to a law firm, such as a case management system, IT infrastructure, cloud or compliance services, you can now check if that provider is compliant to this standard. If the provider is not following this standard, you can ask, “Why are they not following it?” If they are not, that might be a bit of a red flag. If a provider is accredited to this certification, you can rest a little bit easier.’

In this week’s announcement, ICO deputy commissioner Emily Keaney said the certification scheme will reduce time and resource spent assessing third party data processors, and reassure clients they are committed to looking after their personal details and strong information security in place.

Personal data is not just about digital data, Wright said. ‘Firms have got hard copy paper coming out of their ears – how should they be treating that data? How should they be dealing with document archives? This is the sort of certification that will provide important, explicit guidance on what they should be doing.’

 

This article is now closed for comment.