*/
On 23 March 2020, when the Prime Minister announced that ‘people will only be allowed to leave their home for very limited purposes’, there was a myriad of possibilities available to the Bar which fell in the continuum between two stark options: give up; or carry on.
Whether it was bravery, pragmatism or necessity which drove courts, tribunals, chambers, and solicitors’ firms to enthusiastically adopt remote working, the impact is clear: things will never be the same. We shall continue to ‘work from home’, and as much of the legal profession surrenders leases to downsize its office footprint, the advantages of virtual conferences and hearings will be firmly grasped. We will all be required to develop a space from which we can efficiently and, most importantly, securely work.
So, what are the considerations for a secure virtual space? What risks arise from working at home which were not present when cloistered in chambers? And what are the impacts and liabilities from failing to meet the requisite standards?
While the thought of becoming a barrister/IT professional may be daunting to some, the considerations that now apply in this brave new world are similar (in fact they are almost identical) to the issues that chambers faced in 2019. The only difference is that now each individual barrister must seize the mantel rather than delegating their personal responsibility to the designated ‘IT genius’ or ‘tech wiz’.
The consequence of this is that every barrister, whether employed or in chambers in 2019, knows through their work someone who is able to help or assist with setting up their virtual office. If, in 2019, chambers had a data protection officer (DPO) then this person will be able to point you towards the ‘appropriate technical and organisational measures’ which must apply in your home work space. If it was the company or firm’s IT department that set up your office network, then this department should be available to address the technical security considerations which will apply to remote working.
However, those working at the self-employed Bar will be registered, as an individual, with the Information Commissioner’s Office, and will be personally liable for any fine (up to €20m) that could result from a personal data breach. Employed barristers must ensure that their workplace is secure as part of their employment contract. Therefore, this article sets out five practical steps to achieving data protection and security when working remotely.
Encryption was a prerequisite to secure data management before the coronavirus outbreak so many work laptops/desktops will already be encrypted. Apple products come with encryption by default (FileVault). To check whether your iMac is encrypted simply go to ‘System Preferences’. If your iMac is not encrypted with FileVault, choose Apple menu > System Preferences, click Security & Privacy, then click FileVault. Open the FileVault pane, and Click Turn On FileVault. You might be asked to enter your password. Choose how to unlock your disk and reset your login password if you forget it: click Continue. It really is very straightforward.
If available, encrypting a device running Windows 10 is not significantly more difficult than with Apple’s FileVault. However, encryption is not necessarily installed by default, and Windows 10 Home edition will not have BitLocker, the Microsoft equivalent to FileVault.
To turn on device encryption on Windows, sign in with an administrator account. Select the Start button, then select Settings > Update & Security > Device encryption. If Device encryption does not appear then it is unavailable but you may be able to use standard BitLocker encryption instead. If encryption is available, open device encryption setting and turn encryption to ‘on’.
Standard BitLocker encryption can be accessed through the search box on the taskbar. Type ‘Manage BitLocker’ and then select it from the list of results. Alternatively, this can be accessed through Control Panel, selecting System and Security. Once you have accessed BitLocker, select ‘Turn on BitLocker’ and follow the instructions.
When working from home it may be tempting to use the desktop which is set up in the living room rather than sitting on a sofa or bed with a laptop on your knees. While ergonomically a desk with a proper office chair is advisable, shared computers must have separate account spaces for each user; and your account should be the only one with administrator access. Confidentiality is also essential, particularly in remote conferences or hearings. Screens should not be visible and access should be locked, whether by closing a laptop or putting a desktop into ‘sleep’, whenever you step away from your machine.
Virus software and operating systems should be regularly updated if the computer is being used by multiple people. A shared computer is more susceptible to malware and viruses as there are likely to be separate email accounts to be targeted by phishing emails. Further, downloaded files (eg games, music, video) from public websites are more likely to include malicious software than Word or Excel files from trusted sources.
While Zoom may be the perfect app for the online pub quiz with the extended family and friends, the terms of service provide Zoom with the authority to record anything captured within a Zoom meeting: ‘Recordings: You are responsible for compliance with all recording laws. The host can choose to record Zoom meetings and Webinars. By using the Services, you are giving Zoom consent to store recordings for any or all Zoom meetings or webinars that you join, if such recordings are stored in our systems. You will receive a notification (visual or otherwise) when recording is enabled. If you do not consent to being recorded, you can choose to leave the meeting or webinar.’
It is highly likely that your instructing solicitor or employer will have a preferred video conferencing application. However, if not, Microsoft Teams or Skype are easy options which maintain confidentiality.
Many chambers or employers will automatically back up files to a specific server whether you are on the premises or remote working. If that is the case, ensure that your home broadband is sufficient to allow for regular back-ups while you are able to continue to work. Inadequate bandwidth may mean that you have to back-up at less regular intervals. Contact your IT administrator to arrange this if it cannot be completed locally.
If you are not able to back-up to a central server, then arrange for an alternative approach. Whether you opt for a physical back-up to a separate hard-drive or a cloud-based option will likely depend on how long you intend to remain working remotely. A cloud-based approach is more flexible but does come with additional security risk. For example, using a cloud service which maintains servers in the US will not be compliant with GDPR.
The online environment is the essence of remote working but physical security is equally important. If you choose to back up to an external hard drive, this must be kept securely. Similarly, physical documents which are confidential, or to which privilege applies, must be kept in a locked filing cabinet, at least, with secure rooms and house alarms also worth consideration.
The Bar Council has provided detailed guidance on secure working in the context of COVID-19 (Data protection and security when working from home). In anticipation of a continued pattern of working at home, review the guidance which is available because the best advice is to act now to avoid problems in the future.
On 23 March 2020, when the Prime Minister announced that ‘people will only be allowed to leave their home for very limited purposes’, there was a myriad of possibilities available to the Bar which fell in the continuum between two stark options: give up; or carry on.
Whether it was bravery, pragmatism or necessity which drove courts, tribunals, chambers, and solicitors’ firms to enthusiastically adopt remote working, the impact is clear: things will never be the same. We shall continue to ‘work from home’, and as much of the legal profession surrenders leases to downsize its office footprint, the advantages of virtual conferences and hearings will be firmly grasped. We will all be required to develop a space from which we can efficiently and, most importantly, securely work.
So, what are the considerations for a secure virtual space? What risks arise from working at home which were not present when cloistered in chambers? And what are the impacts and liabilities from failing to meet the requisite standards?
While the thought of becoming a barrister/IT professional may be daunting to some, the considerations that now apply in this brave new world are similar (in fact they are almost identical) to the issues that chambers faced in 2019. The only difference is that now each individual barrister must seize the mantel rather than delegating their personal responsibility to the designated ‘IT genius’ or ‘tech wiz’.
The consequence of this is that every barrister, whether employed or in chambers in 2019, knows through their work someone who is able to help or assist with setting up their virtual office. If, in 2019, chambers had a data protection officer (DPO) then this person will be able to point you towards the ‘appropriate technical and organisational measures’ which must apply in your home work space. If it was the company or firm’s IT department that set up your office network, then this department should be available to address the technical security considerations which will apply to remote working.
However, those working at the self-employed Bar will be registered, as an individual, with the Information Commissioner’s Office, and will be personally liable for any fine (up to €20m) that could result from a personal data breach. Employed barristers must ensure that their workplace is secure as part of their employment contract. Therefore, this article sets out five practical steps to achieving data protection and security when working remotely.
Encryption was a prerequisite to secure data management before the coronavirus outbreak so many work laptops/desktops will already be encrypted. Apple products come with encryption by default (FileVault). To check whether your iMac is encrypted simply go to ‘System Preferences’. If your iMac is not encrypted with FileVault, choose Apple menu > System Preferences, click Security & Privacy, then click FileVault. Open the FileVault pane, and Click Turn On FileVault. You might be asked to enter your password. Choose how to unlock your disk and reset your login password if you forget it: click Continue. It really is very straightforward.
If available, encrypting a device running Windows 10 is not significantly more difficult than with Apple’s FileVault. However, encryption is not necessarily installed by default, and Windows 10 Home edition will not have BitLocker, the Microsoft equivalent to FileVault.
To turn on device encryption on Windows, sign in with an administrator account. Select the Start button, then select Settings > Update & Security > Device encryption. If Device encryption does not appear then it is unavailable but you may be able to use standard BitLocker encryption instead. If encryption is available, open device encryption setting and turn encryption to ‘on’.
Standard BitLocker encryption can be accessed through the search box on the taskbar. Type ‘Manage BitLocker’ and then select it from the list of results. Alternatively, this can be accessed through Control Panel, selecting System and Security. Once you have accessed BitLocker, select ‘Turn on BitLocker’ and follow the instructions.
When working from home it may be tempting to use the desktop which is set up in the living room rather than sitting on a sofa or bed with a laptop on your knees. While ergonomically a desk with a proper office chair is advisable, shared computers must have separate account spaces for each user; and your account should be the only one with administrator access. Confidentiality is also essential, particularly in remote conferences or hearings. Screens should not be visible and access should be locked, whether by closing a laptop or putting a desktop into ‘sleep’, whenever you step away from your machine.
Virus software and operating systems should be regularly updated if the computer is being used by multiple people. A shared computer is more susceptible to malware and viruses as there are likely to be separate email accounts to be targeted by phishing emails. Further, downloaded files (eg games, music, video) from public websites are more likely to include malicious software than Word or Excel files from trusted sources.
While Zoom may be the perfect app for the online pub quiz with the extended family and friends, the terms of service provide Zoom with the authority to record anything captured within a Zoom meeting: ‘Recordings: You are responsible for compliance with all recording laws. The host can choose to record Zoom meetings and Webinars. By using the Services, you are giving Zoom consent to store recordings for any or all Zoom meetings or webinars that you join, if such recordings are stored in our systems. You will receive a notification (visual or otherwise) when recording is enabled. If you do not consent to being recorded, you can choose to leave the meeting or webinar.’
It is highly likely that your instructing solicitor or employer will have a preferred video conferencing application. However, if not, Microsoft Teams or Skype are easy options which maintain confidentiality.
Many chambers or employers will automatically back up files to a specific server whether you are on the premises or remote working. If that is the case, ensure that your home broadband is sufficient to allow for regular back-ups while you are able to continue to work. Inadequate bandwidth may mean that you have to back-up at less regular intervals. Contact your IT administrator to arrange this if it cannot be completed locally.
If you are not able to back-up to a central server, then arrange for an alternative approach. Whether you opt for a physical back-up to a separate hard-drive or a cloud-based option will likely depend on how long you intend to remain working remotely. A cloud-based approach is more flexible but does come with additional security risk. For example, using a cloud service which maintains servers in the US will not be compliant with GDPR.
The online environment is the essence of remote working but physical security is equally important. If you choose to back up to an external hard drive, this must be kept securely. Similarly, physical documents which are confidential, or to which privilege applies, must be kept in a locked filing cabinet, at least, with secure rooms and house alarms also worth consideration.
The Bar Council has provided detailed guidance on secure working in the context of COVID-19 (Data protection and security when working from home). In anticipation of a continued pattern of working at home, review the guidance which is available because the best advice is to act now to avoid problems in the future.
Sam Townend KC explains the Bar Council’s efforts towards ensuring a bright future for the profession
Giovanni D’Avola explores the issue of over-citation of unreported cases and the ‘added value’ elements of a law report
Louise Crush explores the key points and opportunities for tax efficiency
Westgate Wealth Management Ltd is a Partner Practice of FTSE 100 company St. James’s Place – one of the top UK Wealth Management firms. We offer a holistic service of distinct quality, integrity, and excellence with the aim to build a professional and valuable relationship with our clients, helping to provide them with security now, prosperity in the future and the highest standard of service in all of our dealings.
Is now the time to review your financial position, having reached a career milestone? asks Louise Crush
If you were to host a dinner party with 10 guests, and you asked them to explain what financial planning is and how it differs to financial advice, you’d receive 10 different answers. The variety of answers highlights the ongoing need to clarify and promote the value of financial planning.
Most of us like to think we would risk our career in order to meet our ethical obligations, so why have so many lawyers failed to hold the line? asks Flora Page
If your current practice environment is bringing you down, seek a new one. However daunting the change, it will be worth it, says Anon Barrister
Creating advocacy opportunities for juniors is now the expectation but not always easy to put into effect. Tom Mitcheson KC distils developing best practice from the Patents Court initiative already bearing fruit
National courts are now running the bulk of the world’s war crimes cases and corporate prosecutions are part of this growing trend, reports Chris Stephen
Sam Townend KC explains the Bar Council’s efforts towards ensuring a bright future for the profession