Confidential legal files found in accessible bin in a public place highlights a poor data security culture.

October 30, 2017

Law firms are a particularly attractive target for hackers. Legal offices usually hold a rich trove of clients’ confidential information, banking details and data from third parties such as witnesses and experts, which together provide enough personal information for identity theft. Last week the Telegraph reported on a law firm in Bermuda being hacked and clients’ sensitive data being accessed.

Today’s Age, in “Dozens of confidential legal files found dumped outside Melbourne law firm”, reports on confidential information being found in an unsecured recycling bin in the Central Business District. The story reports that a wide range of highly sensitive documents, in paper and cassette form, were easily accessible on a kerb near William and Little Lonsdale Street, a very busy thoroughfare.

Interestingly, the regulator reported to be primarily interested in the likely data breach is the Victorian Legal Services Commissioner. No doubt that regulator has jurisdiction to investigate. But it is a data breach and, assuming the law firm is not a small business for the purpose of the Privacy Act, a likely occurrence given that the firm probably has an annual turnover of $3 million, the Privacy Commissioner would have jurisdiction and should investigate. He probably won’t if history is any guide.

Properly storing and, when appropriate, disposing of physical records is an important part of data security. And it is often poorly handled. For example, in “Terror threat as Heathrow Airport security files found dumped in the street”, a USB stick storing unencrypted maps, videos and documents relating to security at Heathrow Airport in the United Kingdom was found on a street.

The Age article provides:

A Melbourne law firm could face investigation after dozens of confidential files were found dumped in an unsecured recycling bin in the CBD.

The bin was overflowing with private documents including medical reports, a police record-of-interview, copies of cheques, income tax statements, land title records and settlement deeds from lawsuits.

There were also transcripts of audio recordings of a meeting involving senior executives of a former trade union.

A former union official was facing disciplinary action after allegedly stealing cassette tapes that contained recordings of branch committee meetings.

The official was also accused by the union of attempting to “procure an assault”, before the dispute was eventually resolved with a financial settlement that was intended to remain confidential.

Other files name a client who was being sued over a debt and had become agitated by the legal process. 

In a file note, a solicitor warns: “he was indicating to us he had intentions of shooting and stabbing people. I explained to him that anything like that would be extremely stupid. He was quite surprised that I called him stupid.”

Most of the documents were marked with the letterhead of JN Zigouras & Co Lawyers, but the files also included correspondence from some of Melbourne’s most prominent law firms along with WorkCare, the Transport Accident Commission and the Legal Aid Commission. Many of the files date back to the 1980s and 1990s. 

The unlocked recycling bin was left on a kerb near the intersection of William and Little Lonsdale streets in the heart of Melbourne’s legal precinct.

JN Zigouras & Co Lawyers, which was founded by solicitor John Zigouras in 1964, occupies office space in a building at 271 William Street.

Mr Zigouras, who specialises in worker’s compensation cases, native title and tort law, did not respond to repeated requests for comment. 

A spokesman for acting Victorian Legal Services Commissioner Russell Daily said he was unable to confirm if the matter would be investigated.

“While our legislation prevents me from being able to discuss what we are doing about this particular matter, I can tell you that lawyers have an obligation to maintain their clients’ confidentiality at all times. 

“Disposal of client files containing personal and/or sensitive information in an unsecure manner, regardless of the age of the files, may be a breach of that obligation,” the spokesman said.

The Legal Services Board has previously issued warnings to practitioners about their legal obligations regarding the disposal of files containing private information.

“Please discharge your responsibilities of confidentiality by handling documents with care and attention, and disposing of the personal information of your clients securely and lawfully. It is vitally important that the whole practice is aware of this responsibility, including administration staff. Their mistakes become the lawyers’ responsibilities.”
