OCTOBER 2024 – ARTICLES & ITEMS OF INTEREST

Home of the Q Standard

OCTOBER 2024 – ARTICLES & ITEMS OF INTEREST

   ARTICLES & ITEMS OF INTEREST    November 12, 2024  |  0

PROFESSIONAL INDEMNITY RENEWAL

In the recently published Autumn edition of the Parchment, Niall Cawley has written an article “Professional Indemnity Renewal”.  This sets out some advices in relation to professional indemnity insurance, outlines the current insurance providers and gives an insight into how the market is behaving for the current year.

In this article Niall Cawley discusses PI renewal under the following headings:-

  • ‘Prepare your application early’.
  • He gives several reasons for ‘using the Common Proposal Form’.
  • ‘Information on the current market’ – There are no new entrants.
  • ‘What to expect in renewal’ – the global professional indemnity insurance market has continued to operate as a buyer market with downward pressure on rates. 
  • ‘Top-up cover and cyber insurance’ – Top up prices are under downward pressure aswell.  Cyber insurance is regarded as a good idea in the current climate when all firms have a target on their back.  He states to be wary of cheap cyber cover, insist on a written assurance that the cyber policy will pay out first for the cyber claim and not after the main PII policy pays out.

To view this article in full see https://issuu.com/256media/docs/parchment_autumn_2024-flipbookpdf?e=0

For more information on PII renewal see a recently published article from the Law Society of Ireland https://www.lawsociety.ie/gazette/top-stories/2024/november/guidance-on-preparing-for-your-pii-renewal/ and the October gazette published a committee spotlight “the gazette speaks to the chair of the PII committee” https://www.lawsociety.ie/globalassets/documents/gazette/gazette-pdfs/gazette-2024/october-2024-gazette.pdf#page=49  

PROCEDURES FOR SAFER BANKING

On the 29 October 2024 the Law Society published a news article titled “Safer Banking Procedures”.

It states how Safe procedures can protect your firm and client funds at a crucial point of vulnerability.  Law firms, particularly those handling large sums of client funds, have always been attractive targets for cybercrime. A study by Smith & Williamson (now Evelyn Partners) revealed that that 60% of top-20 law firms experienced cyber-attacks in 2021, with smaller firms also at risk.”

It sets out safer banking tips under the following headings:-

  • Staff Training   
    • Training and awareness
  • Client Account Security 
    • Direct Communication
    • Jurisdictional compliance
    • Encrytion and verification
    • Alternative communication
  • Client Communication
    • Set expectations
    • Public profile caution
    • Safe communication practices
  • Safe Banking Practices
    • Secure information sharing
    • Verification
  • Double Check System
    • Two pairs of eyes
    • Secondary verification
  • Cyber Security Awareness
    • Protect online banking
  • Report Attacks
    • Professional vigilance

This article should be communicated and reviewed by all staff.  To view this informative news article see https://lawsociety.ie/news/news/Stories/cyber-security-safer-banking-procedures/    

FRAUD ALERT FROM BANK OF IRELAND

Bank of Ireland has confirmed to the Law Society that they have identified a number of recent attempted frauds against solicitor customers of the bank that all follow the same method.

The alert from the bank can be viewed on the Law Society website https://www.lawsociety.ie/news/news/Stories/fraud-alert-from-bank-of-ireland/?filters=&location=&category=&area 

HACKERS STEAL FIRM’S CLIENT DETAILS

This month is was reported on the website of the Law Society of England and Wales, how a law firm has been reprimanded by the data watchdog after hackers were able to access client details because of insufficient security measures. 

Levales Solicitors LLP, which specialise in criminal and military law, was found by the Information Commissioner’s Office to have breached regulations requiring that organisations ‘ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services’. 

An ‘unknown actor’ had accessed the firm’s secure cloud-based server and later published the data on the dark web.  The material stolen included names, addresses, national insurance numbers, prisoner numbers and health status of clients.  In total, 8,234 UK data subjects were affected.  Of these, 863 were deemed to be at ‘high-risk’ of harm or detriment due to the special category of data including data pertaining to ‘homicide, terrorism, sexual offences, offences involving children or particularly vulnerable adults’.

Levales did not have multi-factor authentication (MFA) for the affected domain account and relied on computer prompts for the management and strength of passwords.  The ICO said multi-factor authentication is a ‘basic measure’ which firms processing personal data would be expected to implement.

‘Levales had not reviewed if the technical measures associated with the contract, were appropriate for the personal data they were processing since the contract was first signed in 2012.’

The firm said it had taken remedial steps in the light of the incident. This includes the introduction of MFA for all user accounts, updated service contracts with third party providers, and a complete review of existing systems.  Given these changes, the ICO said a reprimand was an appropriate penalty.

To view this article in full see https://www.lawgazette.co.uk/news/firm-sanctioned-after-hackers-steal-clients-personal-details/5121176.article

IRISH LAW SOCIETY REPORT DATA BREACH

In the October edition of the Law Society Gazette it was reported that “In July, the Law Society became aware of a limited data breach in the printed edition of the Law Directory.  The data breach affected approximately 50 people in the printed edition and does not impact the digital version of the Law Directory. Those affected have been contacted, and we have apologised for this breach of their personal data.” 

The Law Society notified the Data Protection Commission and have launched an internal review into how this breach occurred, which will inform the update to their procedures to ensure there is no repeat.  The article sets out the steps they have taken to mitigate the damage.

 

They state “It is the Law Society’s policy to adhere to the lawful processing of all personal data.  The details of the policy are set out in our privacy notices. While the Law Society has operated under the guidance of the GDPR legal framework, this breach indicates that our processes were not sufficiently robust and will be revisited and informed by our internal review.”

To view this article in full see https://www.lawsociety.ie/globalassets/documents/gazette/gazette-pdfs/gazette-2024/october-2024-gazette.pdf#page=13 

DPC ISSUES €310 MILLION FINE ON LINKEDIN

On the 24 October 2024 it was reported that the Irish Data Commission fined LinkedIn €310 million.

The issue mainly related to the lawfulness, fairness and transparency of processing of personal data.

The DPC’s final decision records the following findings of infringement of the GDPR:

  • Article 6 GDPR and Article 5(1)(a) GDPR, insofar as it requires the processing of personal data to be lawful, as LinkedIn:
  • Did not validly rely on Article 6(1)(a) GDPR (consent) to process third party data of its members for the purpose of behavioural analysis and targeted advertising on the basis that the consent obtained by LinkedIn was not freely given, sufficiently informed or specific, or unambiguous.
  • Did not validly rely on Article 6(1)(f) GDPR (legitimate interests) for its processing of first party personal data of its members for behavioural analysis and targeted advertising, or third party data for analytics, as LinkedIn’s interests were overridden by the interests and fundamental rights and freedoms of data subjects.
  • Did not validly rely on Article 6(1)(b) GDPR (contractual necessity) to process first party data of its members for the purpose of behavioural analysis and targeted advertising.
  • Articles 13(1)(c) and 14(1)(c) GDPR, in respect of the information LinkedIn provided to data subjects regarding its reliance on Article 6(1)(a), Article 6(1)(b) and Article 6(1)(f) GDPR as lawful bases.
  • Article 5(1)(a) GDPR, the principle of fairness”.

To view this article in full see https://www.dataprotection.ie/en/news-media/press-releases/irish-data-protection-commission-fines-linkedin-ireland-eu310-million  

NON COMPLIANCE WITH AML REGULATIONS – £13,000 FINE ISSUED ON UK LAW FIRM

On the 23 October 2024 another AML fine was reported on the website of the Law Society of England and Wales. 

A midlands firm has been fined £13,000 after the Solicitors Regulation Authority’s supervision team reviewed 11 client files and found none complying with all anti-money laundering regulations. 

The firm was put on notice that no client and matter risk assessments had been found on any of the inspected files.  It was directed to put in place a compliance plan for risk assessments and review all open matters to ensure they were compliant. This was completed by February this year.

The firm explained that risk assessments had been carried out previously on an informal basis and accepted that these had not been properly documented.  Appropriate AML policies and procedures were now in place and would be adhered to on every new instruction.

The firm admitted failing to meet the required money laundering regulations from 2011 to 2017 by failing to determine the extent of customer due diligence.  Then from 2017 to 2023 it failed to have in place a process to assess the level of risk in client matters.

The SRA said ‘It is not sufficient to say that assessments were being carried out but not documented’.

To view the article in full see https://www.lawgazette.co.uk/news/sra-fines-firm-2-of-turnover-after-aml-spot-check/5121277.article

LAW SOCIETY NORTHERN IRELAND PUBLISHES AML REPORT

The Society for solicitors in Northern Ireland has published its fourth annual report on 31 October 2024, as part of its responsibility as an AML/CTF professional body supervisor and its duty to report information to HM Treasury and the Office for Professional Body Anti-Money Laundering Supervision, under Regulation 46A of the MLRs.  

To view this report see https://www.lawsoc-ni.org/supervisors-annual-report-anti-money-laundering-october-2024 

NORTHERN IRELAND – CONSUMER GUIDE TO BUYING AND SELLING RESIDENTIAL PROPERTY

On the 11 October 2024, the Law Society of Northern Ireland made available an information guide aimed at supporting consumers buying or selling residential property in Northern Ireland.

To view this guide see https://www.lawsoc-ni.org/consumer-guide-to-buying-and-selling-residential-property

LSRA COMPLAINTS REPORT

The 30 October marks the LSRA’s fifth year of its independent handling of complaints about solicitors and barristers.  On 30 October 2024, the Legal Services Regulatory Authority (LSRA) published its second complaints report for 2024.  This 29-page report documents trends, themes and statistics from 2 March 2024 to 6 September 2024 together with its five year statistics.  

 

The five year complaints data published by the LSRA shows it received a total of 7.091 complaints between October 2019 and October 2024, while closing 5,724 complaints.  During this time the LSRA directed legal practitioners to pay a total of €256,996 in compensation to their clients arising out of complaints.  It also directed practitioners to refund or waive a total of €213,148 in professional fees.  In addition, a total of €345,020 in unpaid barristers’ fees were recovered following complaints made to the LSRA by barristers about solicitors.

 

The report looks at the complaint statistics from the last 5 years and sets out the emerging themes from 5 years of complaints, namely:-

  • Communications failures lie at the heart of many complaints
  • High Court enforcement of LSRA’s decisions and directions increases costs of regulation for all
  • Wills and probate generate significant inadequate legal services complaints
  • Too often no good reasons for solicitors’ failures to hand over important client documents
  • Welcome increase in informally resolved complaints

 

It looks at 5 case studies and sets out the categories of the 740 complaints received, relating to the period 2 March 2024 to 6 September 2024:-

  • Misconduct only – 658
  • Inadequate Legal Services only – 190
  • Excessive Costs only – 11
  • Misconduct and Inadequate Legal Services Only – 94
  • Misconduct and Excessive Costs – 6
  • Inadequate Legal Services and Excessive Costs – 46
  • Misconduct, Inadequate Legal Services and Excessive Costs – 35

 

  • Misconduct includes – Bringing the profession into disrepute (251) – Failure to hand over (50) – Failure to communicate (47) – Failure to account for client’s moneys (29) – Fraud or dishonestly (49) – Undertakings (59) – Conflict of Interest (27) – Failure to pay counsels fees (14) – Misleading the court (14) – Other (23) 

 

To view the report in detail see https://www.lsra.ie/wp-content/uploads/2024/10/LSRA-Complaints-Report-2-2024-FINAL-1.pdf 

Recent Comments

    Suite 10027, 26 Upper Pembroke Street Dublin 2

    info@lqsi.ie

    (01) 2343727

    © 2025 THE LQSI.

    error: Content is protected !!