Legal practitioners hold enormous amounts of personal and other sensitive information. They are key targets of hackers. Just ask HWL Ebsworth. It is now the subject of an Information Commissioner investigation.
The Victorian Legal Services Board and Commissioner has set out the minimum cybersecurity expectations of practitioners. For those practising privacy law, the expectations are well known and, if anything, a very bare minimum. They are a good start. Firms should use this standard as a base upon which to implement further privacy and cybersecurity controls suited to the operations of the firm. That means giving thought to what data is gathered, used and stored, and the best way of protecting that data.
The Commissioner’s expectations provide:
To help law practices protect their clients’ data and meet their legal and ethical obligations, the following tables set out minimum cybersecurity expectations. They also list examples of unacceptable cybersecurity practices that we consider capable of amounting to unsatisfactory professional conduct (UPC) or professional misconduct (PM).
Law practice principals should use the tables below as a guide to the basic system and behavioural controls you need to implement. This includes the critical system controls without which your practice is most vulnerable. If there are any critical controls that you are yet to implement, these should be your highest priority.
System controls and behavioural controls are two types of cybersecurity measures to protect information systems and data: