MAY 2024 – ARTICLES & ITEMS OF INTEREST

Home of the Q Standard

MAY 2024 – ARTICLES & ITEMS OF INTEREST

The Legal Quality Standard of Ireland

MAY 2024 – ARTICLES & ITEMS OF INTEREST

HELP YOUR FIRM PREVENT MONEY TRANSFER SCAMS

In issue 244 Spring 2024 of ‘The Writ’ the ezine of the Law Society of Northern Ireland there is an article stating the Law Society has launched a new publication aimed at supporting solicitor firms and their clients fight against scammers.  This publication updates the Society’s Call, Check and Confirm leaflet and now focuses on Money Transfers.

Scammers are actively targeting email correspondence between solicitors and their clients in relation to the transfer of money by intercepting, misdirecting and defrauding the client into making payments into the scammers bank accounts.

The Society’s new leaflet reinforces the message that if you receive email correspondence or contact which is unexpected or requests a change in bank details or money transfer you should immediately call the other party check they sent the email and confirm that matters are correct.

To view the leaflet see https://www.lawsoc-ni.org/DatabaseDocs/new_6992755__call_check_and_confirm_money_transfer0324.pdf and to view the article in the Writ Magazine see page 32 https://issuu.com/www.lawsoc-ni.org/docs/writ_244_spring_2024_final_210524?fr=xGAEgAT3_FRUc

DPC PUBLISHES ITS ANNUAL REPORT

On the 29 May 2024 the Data Protection Commissioner (DPC) published its annual report for 2023.  Some of the highlights of the 2023 Annual report, which covers the period from the 1 January 2023 to 31 January 2023 include:

Supporting Individuals

  • The DPC received 25,130 electronic contacts, 7,085 phone calls and 1,253 postal contacts;
  • The DPC processed 11,200 new cases in 2023.  This represents a 20% increase on the 9,370 figure for 2022.
  • Of the 11,200 new cases, 8,600 were of a type that could be dealt with relatively expeditiously and 2,600 progressed to the complaint handling process.
  • In addition to receiving 11,200 new cases, the DPC concluded 11,147 cases in 2023, of which 3,218 were resolved through the formal complaint-handling process. This figure includes complaints received prior to 2023.
  • The most frequent GDPR topics for queries and complaints continued to be: Access Requests, Fair-processing; Disclosure; Direct Marketing; and Right to Erasure.

Supporting Industry

  • Total valid breach notifications received in 2023 was 6,991. This represents a 20% increase on the 5,828 breaches notified in 2022.
  • Of those breach notifications received in 2023, 92% were concluded by year end.
  • The most frequent cause of breaches reported to the DPC arose as a result of correspondence inadvertently being misdirected to the wrong recipients, at 52% of the overall total.

Complaints under the Data Protection Acts 1988 & 2003

  • The DPC continues to receive complaints that fall to be handled under the 1988 & 2003 Acts. In 2023, the DPC issued 11 formal Decisions under the Data Protection Acts 1988 & 2003, of which 6 fully upheld the complaint, 4 partially upheld the complaint and 1 rejected the complaint.

Finalised decisions and administrative fines

  • The DPC issued 19 finalised decisions resulting in administrative fines totalling €1.55 billion, along with multiple reprimands and compliance orders being imposed, including:
    • Meta Platforms Ireland Limited concerning Data Transfers from the EU to the USA – fined €1.2 billion.
    • TikTok Technology Limited. The inquiry examined the processing of personal data relating to children by TikTok – fined €345 million.
    • Bank of Ireland. This inquiry was in relation to a series of data breaches on the Bank of Ireland 365 app – fined €750,000.
    • Centric Health. The Inquiry was commenced following a ransomware attack affecting patient data held on Centric’s patient administration system where over 70,000 patients were affected. Some 2,500 patients were permanently affected as their data was deleted with no backup available – fined €460,000.

This 148 page report also includes 31 case studies.

To view this report in full see https://www.dataprotection.ie/sites/default/files/uploads/2024-05/DPC%20EN_AR%202023_Final%20.pdf

UK CHAMBERS SUFFER SUSPECTED ATTACK – CYBER SECURITY SUPPORT BOLSTERED

On the 17 May 2024, the Law Society of England and Wales website published an article titled “Cyber security support bolstered as chambers suffers suspected attack”.

Their Law Society and Bar Council have now updated its existing questionnaire to include disaster recovery, business continuity, incident management, and data and device management, to help law firms assess the cybersecurity arrangements of the chambers and barristers they instruct.

The questionnaire, introduced two years ago, contains 35 questions focusing on central services that chambers might provide to barristers and staff.  The questionnaire also contains greater emphasis on protection against phishing, identifying vulnerabilities and penetration testing.   For instance, the questionnaire asks if chambers conduct phishing or spam simulation threats at least twice a year and how access to their systems is secured on devices owned by their self-employed barristers.

The Society and Bar Council have also created a voluntary, non-legally binding cyber and information security affirmation, which can be used by solicitors and barristers to define and agree specific roles and responsibilities.

Society president Nick Emmerson said: ‘Law firms and chambers are targets for the ever-growing threats from cyber criminals.  We know that no one tool can offer complete protection against cyber threats, but this updated questionnaire will help reassure clients that data is kept as secure as possible. Firms will need to continue to take other precautions, but the development of the questionnaire is an important step in the right direction.’

The updated questionnaire comes as London set Brick Court Chambers confirmed on Thursday it was investigating a potential cyber incident.

A spokesperson for Brick Court said: ‘We are aware of a potential cyber incident and we are actively working with external cyber specialists to investigate the extent of any data breach.  Chambers remains fully operational and we are taking all necessary steps to secure our systems. At this stage of the investigation it is not clear whether client data has been impacted.  We are investigating this matter as a matter of urgency.’

To view this article, which contains a link to the questionnaire and Cyber and Information Security Affirmation see https://www.lawgazette.co.uk/news/cybersecurity-support-bolstered-as-chambers-suffers-suspected-attack/5119735.article

LQSI AML WEBINAR

On the 29 May 2024, the LQSI hosted an AML webinar, this is now available to view in the members’ area of the LQSI website.

See www.lqsi.ie

ICO CALLS ON ORGANISATIONS TO DO MORE TO BOOST THEIR CYBER SECURITY

On the 10 May 2024 the Information Commissioners Office (ICO) wrote an article calling organisations to do more to boost their cyber security and protect personal information to combat the growing threat of cyber attacks.

The ICO’s data reveals more organisations than ever are experiencing cyber security breaches that put people’s personal information at risk.  Over 3,000 cyber breaches were reported to them in 2023, with the finance (22%), retail (18%) and education (11%) sectors reporting the most incidents.

In a new report published, they have analysed the data breach reports they received and shared lessons that can be learnt from common security mistakes.

The “Learning from the mistakes of others” report has practical advice to help organisations to understand common security failures and take simple steps to improve their own security, preventing future data breaches before they can happen.

The report focuses on five leading causes of cyber security breaches:

  • Phishing – where scam messages trick the user and persuade people to share passwords or accidentally download malware.
  • Brute force attacks – where criminals use trial and error to guess username and password combinations, or encryption keys.
  • Denial of service – where criminals aim to stop the normal functioning of a website or computer network by overloading it.
  • Errors – where security settings are misconfigured, including being poorly implemented, not maintained and or left on default settings.
  • Supply chain attacks – where products, services, or technology you use are compromised and then used to infiltrate your own systems.

For each cause, the report explains how these attacks take place, some key considerations to mitigate the risk and likely future developments. It also includes case studies from their regulatory activities.

To view this article in full and the related reports see https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2024/05/organisations-must-do-more-to-combat-the-growing-threat-of-cyber-attacks/

UK FACE NEW DEMANDS ON COMPLAINT HANDLING PROCEDURES

In May 2024 the Law Society of England and Wales issued an article titled “Firm’s to face new demands to raze ‘wall of silence’ on complaints”.

The oversight regulator wants bodies such as the Solicitors Regulation Authority to step in and compel law firms to improve their complaints handling – with enforcement measures taken if necessary.

The Legal Services Board said today there needs to be a ‘step-change improvement’ in first-tier complaint handling to ensure firms deal with them effectively, efficiently and fairly.

New requirements and guidance were published today amid concerns that legal services providers are not doing enough to stop complaints escalating.

In practice, that is likely to mean that the SRA and other legal services regulators start to take more proactive steps in relation to firms who are not handling complaints well enough.

Firms should provide complainants with regular updates and ensure communications are in ‘plain and appropriate’ language.

Regulators should also start to identify themes in weaknesses in complaint handling, and identify firms with ‘disproportionately and consistently high’ numbers of complaints and unresolved matters being taken to the Legal Ombudsman.

To view this article in full see https://www.lawgazette.co.uk/news/firms-to-face-new-demands-to-raze-wall-of-silence-on-complaints/5119746.article

error: Content is protected !!