August 2020 Update
The Institute of Legal Research & Standards
AUGUST 2020 – ARTICLES & ITEMS OF INTEREST
LAW SOCIETY ADVISES ON RISK MANAGEMENT TO KEEP PII COSTS DOWN
On the 21st August an article appeared on the Law Society of Ireland’s website titled “Risk Management advice to keep down PII costs” in a climate where premiums are likely to increase for the 2020/21 renewal date.
Michele O’Boyle, Law Society President stated “It is clear that the impact of COVID-19, among other factors is expected to have a profound effect on insurers’ investment return, claims and loss of business………..there is a concern in the market that claims will increase in 2020/2021 due to the COVID-19 lockdown………..this makes solicitors’ PII an unattractive market for insurers”.
The article states insurers are increasingly focused on firms’ risk management policies and procedures as an indicator of the risk profile of the firm and advises firms to put the following measures in place and report on them in their common proposal form to insurers when renewing:-
- A full risk audit of your firm, especially checking problem areas that can give rise to claims, such as register of undertakings, letters of engagement, and problem files,
- Training of your solicitor and non-solicitor staff in risk management, including cybersecurity,
- Robust cybersecurity measures, especially in the area of multiple checks on receiving and providing bank-account details, including obtaining professional advices on same where appropriate.
To view the article in full see https://www.lawsociety.ie/gazette/top-stories/risk-management-advice-to-keep-down-pii-costs/
INTERPOL ADVISE ON LATEST CYBERCRIMINAL ACTIVITY
On the 4th of August, the Law Society produced an article titled “Cybercriminal exploiting COVID-19 fears – Interpol”.
In the article Interpol warn that cybercriminals are exploiting COVID-19 fears as well as the increased number of people working from home. They state cyberattacks are on the increase at an alarming rate, the focus is shifting from individuals and small business to major corporations, government bodies and critical infrastructure.
They state, “with organisations and businesses rapidly deploying remote systems and networks to support staff working from home, criminals are taking advantage of increased security vulnerabilities to steal data, generate profits and cause disruption”.
In the four-month period from January to April, one of the body’s private sector partners found around 907,000 spam messages, 737 incidents related to malware and 48,000 malicious URLs – all related to COVID-19.
Cybercriminals are using COVID-19 themed phishing emails, often impersonating government and health authorities and the police body have noted a significant increase in the amount of domain names with keywords such as ‘coronavirus’ or ‘COVID’ being registered by cybercriminals.
To view this article in full see https://www.lawsociety.ie/gazette/top-stories/cybercriminals-exploiting-covid-19-fears–interpol/
NEW YORK LAW FIRM HACKED
In the latest summer edition of the Parchment, Greg Ryan has written an article titled “Hacked and held to Ransom”. This article details the latest high profile data theft on a New York Law Firm where a group of hackers calling themselves REvil took down their website and claimed to have taken 756 gigabytes of data including personal data on celebrities like Madonna and Sir Elton John. REvil deleted or encryted the law firms’ backups. Hence the only way to regain access is to pay the requested amount.
Partners in the law firm issued a press release commenting “Despite our substantial investment in state-of-the-art technology security, foreign cyber terrorists have hacked into our network and are demanding $42 million ransom”.
A threat analyst said such ransomware attacks are increasing and added companies faced with such a situation have no good option available to them, non-payment of the demand will result in the information being made public and payment will simply give you a ‘pinky promise’ from criminals that the stolen data will be deleted.
The article also discusses another REvil attack on a London based company called Travelex which forced them to turn off all computer systems and return to pen and paper.
He states as “COVID-19 ravages the world and its economy the software specialists grow ever more serious about such threats. According to officials’ hackers have even more opportunities to enter and harm online processes now as more people are staying and working from home”.
Microsoft is on the watch and giving heads up to institutions who might suffer the same danger. Several dozens of hospitals with vulnerable gateway and VPN appliances have been identified.
To read this article in full https://issuu.com/256media/docs/parchment_summer_2020-flipbook?fr=sYjNlNDE1MTY1NA
SAFE RETURN TO THE OFFICE – TOOLKIT FOR FIRMS
The Law Society (UK) has developed a practical framework for law firms and sole practitioners on returning to the office based on the UK governments guidance for Offices in England on working safely during coronavirus (COVID-19).
To view the “Safe Return to the office – Toolkit for firms” see https://www.lawsociety.org.uk/topics/coronavirus/safe-return-to-the-office-toolkit-for-firms
ICO – RESEARCH & CONFIDENCE RELATING TO DATA PROTECTION RIGHTS
The Information Commissioners’ Office UK has published a 39-page report titled “Information Rights Strategic Plan – Trust and Confidence”
The report is based on a survey of 2000 people and the research aims to help understand what people think about data protection and freedom of information as well looking at peoples’ awareness of their rights and how people utilise them.
COVID-19 TRACK & TRACE – PRACTICE DIRECTION
In the interest of public health and the health of all those involved in the administration of justice, the solicitor on record for any party to an application or proceeding the subject matter of a corporeal hearing shall: –
- Obtain from ALL persons attending Court on behalf of the party whom they represent their contact details;
- Seek their consent to the retention and the delivery up to the HSE of that information if so requested; and
- Upon obtaining such consent for the retention of such information, the solicitor shall keep the said information safe and available for a period of 4 weeks following the said application or proceeding and thereafter ensure safe disposal of same in accordance with Data Protection Regulations.
The above applies to the Circuit Court with effect from the 31st August 2020 and until further notice and applies to the High Court with effect from the 1st September 2020 and until further notice.
To view this practice direction see https://www.courts.ie/news/circuit-court-and-high-court-notice-regarding-contact-tracing-effect-31st-august-2020