How secure is my client’s data?
As any lawyer knows, data security is a huge concern to clients, and it is an area that
all Litigation Support vendors should dedicate resources to. To ensure that the most robust
data protection and information processes are in place, they must be underpinned by a rigorous physical security process.
Make sure you’ve read part one of this blog.
Due to the confidential nature of the work that any eDiscovery vendor undertakes, they should hold a
number of certifications regarding Data Security which are complemented by comprehensive
internal company policies.
Certifications regarding data security
One of the most important is the internationally recognised
ISO 27001 certificate, which encompasses company security policy, asset management, physical and
environmental security, access control, security incident management and compliance.
The ISO 9001 certificate in Management Systems is also an extremely important certification. It
ensures that companies comply with industry standards regarding internal policies, records and
auditing, and have sufficient business continuity systems in place. Each member of the delivery team
should work within the ISO 9001 recognised standards to ensure continuity of service and to ensure
that clients’ data remains secure.
Fines for data breaches
It is important to understand the consequences that may be applied by the various regulatory bodies
if there is a breach of these and other standards. For example, under the UK’s Data Protection Act,
the maximum fine for companies for data breaches was £500,000. Since the EU’s GDPR came into
force on 25 May 2018, companies can now be fined up to 4 per cent of turnover. In July
2019, the ICO flexed its GDPR enforcement muscles for the first time. British Airways is facing a
record fine of £183m for last year’s data leakage (1.5 per cent of its turnover), and it was revealed
that hotel chain Marriott would be fined £99m (3 per cent).
Other large fines included a £385,000 fine against Uber, relating to a security incident affecting the
personal data of 2.7 million users and 82,000 drivers, and a £325,000 fine against the Crown
Prosecution Service for losing unencrypted DVDs containing recordings of police interviews.
Yahoo! UK Services Ltd was also fined £250,000 in relation to a breach affecting the data of
approximately 500 million users worldwide.
How secure is Altlaw?
Aside from the ISO certifications, Altlaw also holds a certificate in Cyber Essentials, a
Government-backed, industry-supported scheme to help organisations protect themselves against common
online threats. In holding this certificate, we demonstrate to our customers and supply chain that
Altlaw have considered security controls and are working in a safe and secure environment.
We would also recommend that, as a custodian of client data, a UK-based eDiscovery vendor should
be a member of the Information Commissioner’s Office. This enables companies, such as Altlaw,
to keep up to date with changes in legislation and other industry news and best practice that affect
this vital part of our business.
Don’t hesitate to contact us today if you have any questions about, or interest in, our eDiscovery services.