The Institute of Legal Research & Standards
MAY 2019 – ARTICLES & ITEMS OF INTEREST
TIPS TO ENSURE CONFIDENTIALITY IN THE USE OF TECHNOLOGY
In this month’s Law Society Gazette the Technology Committee has issued a guidance note titled “Quick tips for ensuring confidentiality in the use of technology”.
It discusses: –
(1) Access controls and states how these should be siloed, granted on a need to know basis and managed by a nominated senior staff member.
(2) How attachments should be encrypted, and passwords given by phone, text or separate email.
(3) Both internal correspondence and emails to clients should be encrypted through the use of transport layer security and external correspondence with attachments should have “highly confidential” in the subject line.
(4) All large files of data sets should be sent using applications that provide a number of security features including encryption and password protection.
(5) Firms should have a security policy in place for the use of electronic devices outside of the office, at a minimum they should be password protected and locked at all times when not in use.
(6) Firms should have ‘follow you printing’ in place so that print jobs are only collected from the printer by the person who sent them.
(7) Firms should use local administrative access.
(8) Firms should have in place desktop encryption.
This article expands on the points (1) to (8) above, to view this article in full see https://www.lawsociety.ie/globalassets/documents/gazette/gazette-pdfs/gazette-2019/may-2019-gazette.pdf#page=58
STEPS OUTLINED TO AVOID CONFLICT OF INTEREST
The Law Society’s Guidance and Ethics Committee have issued a guidance note titled “Ten steps to avoid conflict of interest”. This note sets out the legislation relating to conflict of interest, the 4 exceptions to the regulations and situations where the regulations do not apply and also sets out situations where the regulations do apply. Firms should familiarise themselves with this guidance note.
To view this guidance note see https://www.lawsociety.ie/globalassets/documents/gazette/gazette-pdfs/gazette-2019/may-2019-gazette.pdf#page=59
REGISTRY OF BENEFICIAL OWNERSHIP (RBO) WEBSITE NOW LAUNCHED
The website for the registry of beneficial ownership has now launched. Filing of beneficial ownership with the RBO must be done through an online portal which will open on this new website on the 22ndJune.
The website address is https://rbo.gov.ie/
GDPR – ONE YEAR ON
Helen Dixon has been reappointed for a second term as the Data Protection Commissioner.
On the first anniversary of the GDPR Helen Dixon reflected on the first year of the GDPR and stated: –
“The GDPR has given rise to a significant increase in contacts with the DPC over the past 12 months:
- 6,624 complaints were received.
- 5,818 valid data security breaches were notified.
- Over 48,000 contacts were received through the DPC’s Information and Assessment Unit.
- 54 investigations were opened – 35 of these are non cross-border investigations and 19 are cross-border investigations into multinational technology companies and their compliance with the GDPR.
- 1,206 Data Protection Officer notifications were received.
- Staffing numbers increased from 85 at the end of 2017 to 137 in May 2019.”
To view her press release in full see https://www.dataprotection.ie/en/news-media/press-releases/data-protection-commission-reflects-first-year-gdpr
SERIES OF AML Q & A’s
The Law Society of England and Wales have set out in an article three very relevant AML scenarios and answers complied by their Practice Advice Service.
DOES YOUR FIRM TRANSFER PERSONAL DATA OUTSIDE THE EEA?
In the Spring Edition of the Parchment Carol Lennon reviews the safeguards firm’s need to put in place when transferring personal data outside of the EEA to a third country.
To view this article see https://issuu.com/256media/docs/parchment_spring_2019-flipbook?e=16581915/69459244
PARENTAL LEAVE (AMENDMENT) ACT 2019
The Parental Leave (Amendment) Act 2019 was signed into law on the 22ndMay 2019 and is expected to be commenced by statutory instrument by this summer.
The Act extends the duration and applicability of parental leave. The Government has said it will introduce a phased introduction of eight weeks additional parental leave. The Act will allow the introduction of an extra 4 weeks parental leave from this September and an additional 4 weeks from September 2020. It also increases the age of the child for which parental leave is available from 8 to 12 years.
For more information on same see http://www.irishstatutebook.ie/eli/2019/act/11/enacted/en/html and the article which appeared in the Irish Times on the 6thMay https://www.irishtimes.com/news/politics/unpaid-parental-leave-to-increase-to-26-weeks-1.3882803.
IS YOUR FIRM AWARE HOW TO RESPOND TO A CYBER-ATTACK?
In this month’s Gazette Gordon Smith reports on a recent conference that took place in Dublin on cybercrime and how firm’s need to accept that breaches will happen but that they need to put work into planning their recovery after an attack.
Firms need to ask themselves are they prepared for a cyber-attack or business interruption.
Brian Krebs an investigate journalist spoke about how cybercrime is on the rise and stated “It becomes a daily occurrence that companies announce that cybercriminals have stolen intellectual property or customer data. We’re talking about hundreds of millions of data parts.” He also said, “Companies need to get better at detecting incidents faster and rehearsing their response procedures.”
Dr. Jessica Barker spoke of the threat to law firms stating, “The cybersecurity industry is very focused on technical measures to defend against cybercrime, so attackers have moved to targeting the human element.” She says spear-phishing emails is a big issue with law firms to be mindful of, i.e. emails that look like they are from a supplier, client, partner etc. Awareness should be raised amongst staff. Staff should be provided with safe demonstrations of what happens when an attack happens. Firms need to look at themselves through an attacker’s eyes.
Stephen O’Boyle the global head of professional services at BSI cybersecurity and information resilience division said that “advance preparation is the key part of incident response. That means conducting regular drills to test the plan.”
To view this article in full see https://www.lawsociety.ie/globalassets/documents/gazette/gazette-pdfs/gazette-2019/may-2019-gazette.pdf#page=21