Our Practice Advice Service answers some commonly asked questions by Compliance Officers for Legal Practice (COLPs)
I am a sole practitioner and often work remotely using a password-protected personal laptop. I use a case management system so all client-sensitive information is stored securely and confidentially. However, for all client-related work, an IT company provides me with a separate remote server accessed via a portal which is very expensive. Is a remote server essential?
The Law Society’s guide on cybersecurity for solicitors indicates “the level of security (or protection) you need for your data depends on the risks involved in your processing”. The section on ‘Cloud computing’ outlines the benefits of having this service from a third party supplier.
With cloud computing, “data is stored on remote servers and accessed through the internet instead of your computer’s hard drive. These servers are managed by a third-party supplier, who’s also responsible for the security of the data it holds”.
Standard professional indemnity insurance does not cover “your costs and losses if you experience a data breach or cyber attack”. You should discuss the cybersecurity issue with your professional indemnity insurer to check their requirements and cover available.
If you are to keep all your data on one laptop, you will need to mitigate the risk of theft, loss or failure of the laptop. Therefore, it may be prudent to have a remote server.
For further information, please see the Law Society’s guide on Cybersecurity for solicitors and the Practice note on Cloud computing.
While every effort has been made to ensure the accuracy of the information in this article, it does not constitute legal advice and cannot be relied upon as such. The Law Society does not accept any responsibility for liabilities arising as a result of reliance upon the information given.
This article is compiled by the Law Society’s Practice Advice Service. Comments relating to the questions should be sent to practiceadvice@lawsociety.org.
