Information security

Information security has become a business-critical issue. It is not something you can tackle in isolation, as there are obvious overlaps with cyber security and data protection.

A logical process for reviewing and addressing your information security requirements is to:

•
identify what information you hold, manage or are responsible for
•
assess the risks to that information
•
implement systems and controls to protect the information and mitigate risks so far as reasonably practicable
•
train your staff to include ongoing awareness campaigns
•
review your processes on a recurring basis, at least annually

Regulatory requirements

SRA

You must protect client money and assets.

You must also keep the affairs of clients confidential unless disclosure is required or permitted by law or the client consents.

Data protection

Integrity and confidentiality of personal data is a key principle of the Assimilated Regulation (EU) 2016/679, General Data Protection Regulation (UK GDPR). Personal data must be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. This is

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

TAKE A FREE TRIAL

Latest Practice Compliance News

Law Society publishes guidance on disability terminology and language

The Law Society of England and Wales has published guidance on disability terminology and language to support employers and employees in the workplace. The guide is aimed at ensuring that the legal profession is using the right words, phrases and acronyms when talking about disability.

SFO launches bribery investigation into defence firm Thales

The Serious Fraud Office (SFO) has initiated an investigation into suspected bribery and corruption involving the multi-national aviation and defence electronics group Thales. This probe is being conducted jointly with the French authority Parquet National Financier (PNF), with each agency operating within its respective jurisdiction. The investigation targets Thales Group, headquartered in Paris, whose UK subsidiary employs over 7,000 staff across 16 sites. SFO director, Nick Ephgrave QPM, highlighted the importance of international collaboration in combating corruption, emphasising the longstanding relationship between the SFO and PNF. The agencies have informed Thales of the investigation and are committed to rigorously pursuing all avenues in their inquiry into these serious allegations.

HM Treasury issues advisory on Oil Price Cap evasion tactics

HM Treasury (HMT)and the Office of Financial Sanctions Implementation (OFSI) have released an advisory concerning the Oil Price Cap (OPC) regime. The guidance specifically addresses evasion strategies involving the manipulation of product origin through the use of fabricated and falsified Certificates of Origin (CO). This advisory aims to alert relevant parties to the risks associated with such practices and to enhance compliance efforts within the oil trade sector.

Practice Compliance weekly highlights—21 November 2024

This week's edition of Practice Compliance weekly highlights includes: the latest financial sanctions updates, three new consultations from the Solicitors Regulation Authority (SRA) on client money management and consumer protection, initiation of a consultation for legal regulators to combat economic crime by the Legal Services Board (LSB), and new guidance from the SRA on internal investigations, together with a suite of guidance for in-house solicitors.

View Practice Compliance by content type :

News