*/
On 23 March 2020, when the Prime Minister announced that ‘people will only be allowed to leave their home for very limited purposes’, there was a myriad of possibilities available to the Bar which fell in the continuum between two stark options: give up; or carry on.
Whether it was bravery, pragmatism or necessity which drove courts, tribunals, chambers, and solicitors’ firms to enthusiastically adopt remote working, the impact is clear: things will never be the same. We shall continue to ‘work from home’, and as much of the legal profession surrenders leases to downsize its office footprint, the advantages of virtual conferences and hearings will be firmly grasped. We will all be required to develop a space from which we can efficiently and, most importantly, securely work.
So, what are the considerations for a secure virtual space? What risks arise from working at home which were not present when cloistered in chambers? And what are the impacts and liabilities from failing to meet the requisite standards?
While the thought of becoming a barrister/IT professional may be daunting to some, the considerations that now apply in this brave new world are similar (in fact they are almost identical) to the issues that chambers faced in 2019. The only difference is that now each individual barrister must seize the mantel rather than delegating their personal responsibility to the designated ‘IT genius’ or ‘tech wiz’.
The consequence of this is that every barrister, whether employed or in chambers in 2019, knows through their work someone who is able to help or assist with setting up their virtual office. If, in 2019, chambers had a data protection officer (DPO) then this person will be able to point you towards the ‘appropriate technical and organisational measures’ which must apply in your home work space. If it was the company or firm’s IT department that set up your office network, then this department should be available to address the technical security considerations which will apply to remote working.
However, those working at the self-employed Bar will be registered, as an individual, with the Information Commissioner’s Office, and will be personally liable for any fine (up to €20m) that could result from a personal data breach. Employed barristers must ensure that their workplace is secure as part of their employment contract. Therefore, this article sets out five practical steps to achieving data protection and security when working remotely.
Encryption was a prerequisite to secure data management before the coronavirus outbreak so many work laptops/desktops will already be encrypted. Apple products come with encryption by default (FileVault). To check whether your iMac is encrypted simply go to ‘System Preferences’. If your iMac is not encrypted with FileVault, choose Apple menu > System Preferences, click Security & Privacy, then click FileVault. Open the FileVault pane, and Click Turn On FileVault. You might be asked to enter your password. Choose how to unlock your disk and reset your login password if you forget it: click Continue. It really is very straightforward.
If available, encrypting a device running Windows 10 is not significantly more difficult than with Apple’s FileVault. However, encryption is not necessarily installed by default, and Windows 10 Home edition will not have BitLocker, the Microsoft equivalent to FileVault.
To turn on device encryption on Windows, sign in with an administrator account. Select the Start button, then select Settings > Update & Security > Device encryption. If Device encryption does not appear then it is unavailable but you may be able to use standard BitLocker encryption instead. If encryption is available, open device encryption setting and turn encryption to ‘on’.
Standard BitLocker encryption can be accessed through the search box on the taskbar. Type ‘Manage BitLocker’ and then select it from the list of results. Alternatively, this can be accessed through Control Panel, selecting System and Security. Once you have accessed BitLocker, select ‘Turn on BitLocker’ and follow the instructions.
When working from home it may be tempting to use the desktop which is set up in the living room rather than sitting on a sofa or bed with a laptop on your knees. While ergonomically a desk with a proper office chair is advisable, shared computers must have separate account spaces for each user; and your account should be the only one with administrator access. Confidentiality is also essential, particularly in remote conferences or hearings. Screens should not be visible and access should be locked, whether by closing a laptop or putting a desktop into ‘sleep’, whenever you step away from your machine.
Virus software and operating systems should be regularly updated if the computer is being used by multiple people. A shared computer is more susceptible to malware and viruses as there are likely to be separate email accounts to be targeted by phishing emails. Further, downloaded files (eg games, music, video) from public websites are more likely to include malicious software than Word or Excel files from trusted sources.
While Zoom may be the perfect app for the online pub quiz with the extended family and friends, the terms of service provide Zoom with the authority to record anything captured within a Zoom meeting: ‘Recordings: You are responsible for compliance with all recording laws. The host can choose to record Zoom meetings and Webinars. By using the Services, you are giving Zoom consent to store recordings for any or all Zoom meetings or webinars that you join, if such recordings are stored in our systems. You will receive a notification (visual or otherwise) when recording is enabled. If you do not consent to being recorded, you can choose to leave the meeting or webinar.’
It is highly likely that your instructing solicitor or employer will have a preferred video conferencing application. However, if not, Microsoft Teams or Skype are easy options which maintain confidentiality.
Many chambers or employers will automatically back up files to a specific server whether you are on the premises or remote working. If that is the case, ensure that your home broadband is sufficient to allow for regular back-ups while you are able to continue to work. Inadequate bandwidth may mean that you have to back-up at less regular intervals. Contact your IT administrator to arrange this if it cannot be completed locally.
If you are not able to back-up to a central server, then arrange for an alternative approach. Whether you opt for a physical back-up to a separate hard-drive or a cloud-based option will likely depend on how long you intend to remain working remotely. A cloud-based approach is more flexible but does come with additional security risk. For example, using a cloud service which maintains servers in the US will not be compliant with GDPR.
The online environment is the essence of remote working but physical security is equally important. If you choose to back up to an external hard drive, this must be kept securely. Similarly, physical documents which are confidential, or to which privilege applies, must be kept in a locked filing cabinet, at least, with secure rooms and house alarms also worth consideration.
The Bar Council has provided detailed guidance on secure working in the context of COVID-19 (Data protection and security when working from home). In anticipation of a continued pattern of working at home, review the guidance which is available because the best advice is to act now to avoid problems in the future.
On 23 March 2020, when the Prime Minister announced that ‘people will only be allowed to leave their home for very limited purposes’, there was a myriad of possibilities available to the Bar which fell in the continuum between two stark options: give up; or carry on.
Whether it was bravery, pragmatism or necessity which drove courts, tribunals, chambers, and solicitors’ firms to enthusiastically adopt remote working, the impact is clear: things will never be the same. We shall continue to ‘work from home’, and as much of the legal profession surrenders leases to downsize its office footprint, the advantages of virtual conferences and hearings will be firmly grasped. We will all be required to develop a space from which we can efficiently and, most importantly, securely work.
So, what are the considerations for a secure virtual space? What risks arise from working at home which were not present when cloistered in chambers? And what are the impacts and liabilities from failing to meet the requisite standards?
While the thought of becoming a barrister/IT professional may be daunting to some, the considerations that now apply in this brave new world are similar (in fact they are almost identical) to the issues that chambers faced in 2019. The only difference is that now each individual barrister must seize the mantel rather than delegating their personal responsibility to the designated ‘IT genius’ or ‘tech wiz’.
The consequence of this is that every barrister, whether employed or in chambers in 2019, knows through their work someone who is able to help or assist with setting up their virtual office. If, in 2019, chambers had a data protection officer (DPO) then this person will be able to point you towards the ‘appropriate technical and organisational measures’ which must apply in your home work space. If it was the company or firm’s IT department that set up your office network, then this department should be available to address the technical security considerations which will apply to remote working.
However, those working at the self-employed Bar will be registered, as an individual, with the Information Commissioner’s Office, and will be personally liable for any fine (up to €20m) that could result from a personal data breach. Employed barristers must ensure that their workplace is secure as part of their employment contract. Therefore, this article sets out five practical steps to achieving data protection and security when working remotely.
Encryption was a prerequisite to secure data management before the coronavirus outbreak so many work laptops/desktops will already be encrypted. Apple products come with encryption by default (FileVault). To check whether your iMac is encrypted simply go to ‘System Preferences’. If your iMac is not encrypted with FileVault, choose Apple menu > System Preferences, click Security & Privacy, then click FileVault. Open the FileVault pane, and Click Turn On FileVault. You might be asked to enter your password. Choose how to unlock your disk and reset your login password if you forget it: click Continue. It really is very straightforward.
If available, encrypting a device running Windows 10 is not significantly more difficult than with Apple’s FileVault. However, encryption is not necessarily installed by default, and Windows 10 Home edition will not have BitLocker, the Microsoft equivalent to FileVault.
To turn on device encryption on Windows, sign in with an administrator account. Select the Start button, then select Settings > Update & Security > Device encryption. If Device encryption does not appear then it is unavailable but you may be able to use standard BitLocker encryption instead. If encryption is available, open device encryption setting and turn encryption to ‘on’.
Standard BitLocker encryption can be accessed through the search box on the taskbar. Type ‘Manage BitLocker’ and then select it from the list of results. Alternatively, this can be accessed through Control Panel, selecting System and Security. Once you have accessed BitLocker, select ‘Turn on BitLocker’ and follow the instructions.
When working from home it may be tempting to use the desktop which is set up in the living room rather than sitting on a sofa or bed with a laptop on your knees. While ergonomically a desk with a proper office chair is advisable, shared computers must have separate account spaces for each user; and your account should be the only one with administrator access. Confidentiality is also essential, particularly in remote conferences or hearings. Screens should not be visible and access should be locked, whether by closing a laptop or putting a desktop into ‘sleep’, whenever you step away from your machine.
Virus software and operating systems should be regularly updated if the computer is being used by multiple people. A shared computer is more susceptible to malware and viruses as there are likely to be separate email accounts to be targeted by phishing emails. Further, downloaded files (eg games, music, video) from public websites are more likely to include malicious software than Word or Excel files from trusted sources.
While Zoom may be the perfect app for the online pub quiz with the extended family and friends, the terms of service provide Zoom with the authority to record anything captured within a Zoom meeting: ‘Recordings: You are responsible for compliance with all recording laws. The host can choose to record Zoom meetings and Webinars. By using the Services, you are giving Zoom consent to store recordings for any or all Zoom meetings or webinars that you join, if such recordings are stored in our systems. You will receive a notification (visual or otherwise) when recording is enabled. If you do not consent to being recorded, you can choose to leave the meeting or webinar.’
It is highly likely that your instructing solicitor or employer will have a preferred video conferencing application. However, if not, Microsoft Teams or Skype are easy options which maintain confidentiality.
Many chambers or employers will automatically back up files to a specific server whether you are on the premises or remote working. If that is the case, ensure that your home broadband is sufficient to allow for regular back-ups while you are able to continue to work. Inadequate bandwidth may mean that you have to back-up at less regular intervals. Contact your IT administrator to arrange this if it cannot be completed locally.
If you are not able to back-up to a central server, then arrange for an alternative approach. Whether you opt for a physical back-up to a separate hard-drive or a cloud-based option will likely depend on how long you intend to remain working remotely. A cloud-based approach is more flexible but does come with additional security risk. For example, using a cloud service which maintains servers in the US will not be compliant with GDPR.
The online environment is the essence of remote working but physical security is equally important. If you choose to back up to an external hard drive, this must be kept securely. Similarly, physical documents which are confidential, or to which privilege applies, must be kept in a locked filing cabinet, at least, with secure rooms and house alarms also worth consideration.
The Bar Council has provided detailed guidance on secure working in the context of COVID-19 (Data protection and security when working from home). In anticipation of a continued pattern of working at home, review the guidance which is available because the best advice is to act now to avoid problems in the future.
The Chair of the Bar sets out how the new government can restore the justice system
In the first of a new series, Louise Crush of Westgate Wealth considers the fundamental need for financial protection
Unlocking your aged debt to fund your tax in one easy step. By Philip N Bristow
Possibly, but many barristers are glad he did…
Mental health charity Mind BWW has received a £500 donation from drug, alcohol and DNA testing laboratory, AlphaBiolabs as part of its Giving Back campaign
The Institute of Neurotechnology & Law is thrilled to announce its inaugural essay competition
How to navigate open source evidence in an era of deepfakes. By Professor Yvonne McDermott Rees and Professor Alexa Koenig
Brie Stevens-Hoare KC and Lyndsey de Mestre KC take a look at the difficulties women encounter during the menopause, and offer some practical tips for individuals and chambers to make things easier
Sir Geoffrey Vos, Master of the Rolls and Head of Civil Justice since January 2021, is well known for his passion for access to justice and all things digital. Perhaps less widely known is the driven personality and wanderlust that lies behind this, as Anthony Inglese CB discovers
The Chair of the Bar sets out how the new government can restore the justice system
No-one should have to live in sub-standard accommodation, says Antony Hodari Solicitors. We are tackling the problem of bad housing with a two-pronged approach and act on behalf of tenants in both the civil and criminal courts
-(1)-(002).tmb-carlisting79eb.png){kind=logo}
