On 23 March 2020, when the Prime Minister announced that ‘people will only be allowed to leave their home for very limited purposes’, there was a myriad of possibilities available to the Bar which fell in the continuum between two stark options: give up; or carry on.
Whether it was bravery, pragmatism or necessity which drove courts, tribunals, chambers, and solicitors’ firms to enthusiastically adopt remote working, the impact is clear: things will never be the same. We shall continue to ‘work from home’, and as much of the legal profession surrenders leases to downsize its office footprint, the advantages of virtual conferences and hearings will be firmly grasped. We will all be required to develop a space from which we can efficiently and, most importantly, securely work.
So, what are the considerations for a secure virtual space? What risks arise from working at home which were not present when cloistered in chambers? And what are the impacts and liabilities from failing to meet the requisite standards?
While the thought of becoming a barrister/IT professional may be daunting to some, the considerations that now apply in this brave new world are similar (in fact they are almost identical) to the issues that chambers faced in 2019. The only difference is that now each individual barrister must seize the mantle rather than delegating their personal responsibility to the designated ‘IT genius’ or ‘tech wiz’.
The consequence of this is that every barrister, whether employed or in chambers in 2019, knows through their work someone who is able to help or assist with setting up their virtual office. If, in 2019, chambers had a data protection officer (DPO) then this person will be able to point you towards the ‘appropriate technical and organisational measures’ which must apply in your home work space. If it was the company or firm’s IT department that set up your office network, then this department should be available to address the technical security considerations which will apply to remote working.
However, those working at the self-employed Bar will be registered, as an individual, with the Information Commissioner’s Office, and will be personally liable for any fine (up to €20m) that could result from a personal data breach. Employed barristers must ensure that their workplace is secure as part of their employment contract. Therefore, this article sets out five practical steps to achieving data protection and security when working remotely.
Encryption was a prerequisite to secure data management before the coronavirus outbreak, so many work laptops/desktops will already be encrypted. Apple products come with encryption by default (FileVault). To check whether your iMac is encrypted, simply go to ‘System Preferences’. If your iMac is not encrypted with FileVault, choose Apple menu > System Preferences, click Security & Privacy, then click FileVault. Open the FileVault pane, and click Turn On FileVault. You might be asked to enter your password. Choose how to unlock your disk and reset your login password if you forget it, then click Continue. It really is very straightforward.
If available, encrypting a device running Windows 10 is not significantly more difficult than with Apple’s FileVault. However, encryption is not necessarily installed by default, and Windows 10 Home edition will not have BitLocker, the Microsoft equivalent to FileVault.
To turn on device encryption on Windows, sign in with an administrator account. Select the Start button, then select Settings > Update & Security > Device encryption. If Device encryption does not appear, then it is unavailable, but you may be able to use standard BitLocker encryption instead. If encryption is available, open the Device encryption setting and turn encryption to ‘on’.
Standard BitLocker encryption can be accessed through the search box on the taskbar. Type ‘Manage BitLocker’ and then select it from the list of results. Alternatively, this can be accessed through Control Panel, selecting System and Security. Once you have accessed BitLocker, select ‘Turn on BitLocker’ and follow the instructions.
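Once encryption has been switched on, it is worth confirming that it has finished and is active on every drive. The following PowerShell check is an added example, not part of the original article; it uses Windows’ built-in `Get-BitLockerVolume` cmdlet, the function name `Test-DiskEncryption` is a hypothetical name chosen for illustration, and it must be run from an administrator PowerShell window.

```powershell
# Added example: report whether each volume is fully encrypted AND protected.
# Test-DiskEncryption is a hypothetical helper name, not a built-in command.
function Test-DiskEncryption {
    # The BitLocker cmdlets are not installed on every edition of Windows.
    if (-not (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue)) {
        Write-Warning 'BitLocker cmdlets not found; check the Settings pages instead.'
        return
    }

    foreach ($vol in Get-BitLockerVolume) {
        $problems = @()

        # Encryption may still be running, paused, or never started.
        if ($vol.VolumeStatus -ne 'FullyEncrypted') {
            $problems += "status is $($vol.VolumeStatus) ($($vol.EncryptionPercentage)% encrypted)"
        }

        # A volume can be encrypted while protection is off or suspended,
        # in which case the data on it is not protected.
        if ($vol.ProtectionStatus -ne 'On') {
            $problems += "protection is $($vol.ProtectionStatus)"
        }

        [pscustomobject]@{
            Volume   = $vol.MountPoint
            Type     = $vol.VolumeType
            Secure   = ($problems.Count -eq 0)
            Problems = $problems -join '; '
        }
    }
}

# One row per volume, followed by a warning if any volume fails either check.
$report = @(Test-DiskEncryption)
$report | Format-Table -AutoSize -Wrap

$insecure = @($report | Where-Object { -not $_.Secure })
if ($insecure.Count -gt 0) {
    Write-Warning "$($insecure.Count) volume(s) are not fully encrypted and protected."
}
```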
When working from home it may be tempting to use the desktop which is set up in the living room rather than sitting on a sofa or bed with a laptop on your knees. While ergonomically a desk with a proper office chair is advisable, shared computers must have separate account spaces for each user; and your account should be the only one with administrator access. Confidentiality is also essential, particularly in remote conferences or hearings. Screens should not be visible and access should be locked, whether by closing a laptop or putting a desktop into ‘sleep’, whenever you step away from your machine.
Anti-virus software and operating systems should be regularly updated if the computer is being used by multiple people. A shared computer is more susceptible to malware and viruses as there are likely to be separate email accounts to be targeted by phishing emails. Further, downloaded files (eg games, music, video) from public websites are more likely to include malicious software than Word or Excel files from trusted sources.
While Zoom may be the perfect app for the online pub quiz with the extended family and friends, the terms of service provide Zoom with the authority to record anything captured within a Zoom meeting: ‘Recordings: You are responsible for compliance with all recording laws. The host can choose to record Zoom meetings and Webinars. By using the Services, you are giving Zoom consent to store recordings for any or all Zoom meetings or webinars that you join, if such recordings are stored in our systems. You will receive a notification (visual or otherwise) when recording is enabled. If you do not consent to being recorded, you can choose to leave the meeting or webinar.’
It is highly likely that your instructing solicitor or employer will have a preferred video conferencing application. However, if not, Microsoft Teams or Skype are easy options which maintain confidentiality.
Many chambers or employers will automatically back up files to a specific server whether you are on the premises or remote working. If that is the case, ensure that your home broadband is sufficient to allow for regular back-ups while you are able to continue to work. Inadequate bandwidth may mean that you have to back up at less regular intervals. Contact your IT administrator to arrange this if it cannot be completed locally.
If you are not able to back up to a central server, then arrange for an alternative approach. Whether you opt for a physical back-up to a separate hard drive or a cloud-based option will likely depend on how long you intend to remain working remotely. A cloud-based approach is more flexible but does come with additional security risk. For example, using a cloud service which maintains servers in the US will not be compliant with GDPR.
The online environment is the essence of remote working but physical security is equally important. If you choose to back up to an external hard drive, this must be kept securely. Similarly, physical documents which are confidential, or to which privilege applies, must be kept in a locked filing cabinet, at least, with secure rooms and house alarms also worth consideration.
The Bar Council has provided detailed guidance on secure working in the context of COVID-19 (Data protection and security when working from home). In anticipation of a continued pattern of working at home, review the guidance which is available because the best advice is to act now to avoid problems in the future.