In planning this piece on the Legal Services Operational Privacy Certification Scheme, snappily known as LOCS, I decided I needed a memorable analogy to describe the challenges presented to the legal sector by data protection regulation.
Step away from the IT for a second and think back to the 1980s. (If this carbon-dates me, then ask your parents, perhaps your grandparents about this watershed moment.) In 1983, wearing seatbelts in the UK became law. Since then, the number of deaths in car crashes has been reduced by 45% and severe injuries have reduced by 50%.
So, the curious question is why, despite the obvious risks of not being ‘belted up’ and the benefits of doing so, it took legislation to embed (and enforce) the habit amongst UK drivers and passengers.
You might not benefit from wearing a seatbelt for years, hopefully your entire lifetime, but there are thousands of individuals who are glad of the day they heeded the warning and followed the ruling. Remember, a crash might not necessarily be down to your driving. Another driver, the environment, or mechanical failure might cause you to be grateful for your seatbelt in a moment of need.
There are many reasons why people don’t subscribe to regulations - some refuse because the risk will not happen to them; they don’t like to be told what to do; they know better; it’s a government conspiracy, or frankly they are daft in the face of undeniable risk.
So, with the seatbelt metaphor in mind, let’s think about the data loss equivalent of a car crash. It could look like this: damage to your firm’s reputation as you fail to safeguard personable identifiable information; a hefty fine from the Information Commissioner’s Office (ICO), of 4% of your turnover for the previous year; damage to your firm’s reputation and loss of customers.
So, the recent announcement by the ICO of the Legal Services Operational Privacy Certification Scheme (LOCS) will bring comfort to some and angst to others, but rather like seatbelt legislation it’s designed to regulate behaviour and limit damage.
LOCS is a certification scheme aimed at legal service providers who process personal data. It’s one of a series of certification schemes, introduced under the UK GDPR, to help organisations demonstrate compliance with data protection requirements and in turn, inspire trust and confidence in the people who use their products, processes and services.
Emily Keaney, ICO Deputy Commissioner, advises that legal service providers, such as law firms and barristers’ chambers, process large amounts of sensitive personal data. Signing up to this certification scheme will provide them with certainty that they are adhering to data protection standards and reduce time and resource spent assessing third party data processors.
She also asserts that adherence to LOCS will reassure clients that their legal service providers are committed to looking after their personal details and have strong information security in place.
