*/
On 23 March 2020, when the Prime Minister announced that ‘people will only be allowed to leave their home for very limited purposes’, there was a myriad of possibilities available to the Bar which fell in the continuum between two stark options: give up; or carry on.
Whether it was bravery, pragmatism or necessity which drove courts, tribunals, chambers, and solicitors’ firms to enthusiastically adopt remote working, the impact is clear: things will never be the same. We shall continue to ‘work from home’, and as much of the legal profession surrenders leases to downsize its office footprint, the advantages of virtual conferences and hearings will be firmly grasped. We will all be required to develop a space from which we can efficiently and, most importantly, securely work.
So, what are the considerations for a secure virtual space? What risks arise from working at home which were not present when cloistered in chambers? And what are the impacts and liabilities from failing to meet the requisite standards?
While the thought of becoming a barrister/IT professional may be daunting to some, the considerations that now apply in this brave new world are similar (in fact they are almost identical) to the issues that chambers faced in 2019. The only difference is that now each individual barrister must seize the mantel rather than delegating their personal responsibility to the designated ‘IT genius’ or ‘tech wiz’.
The consequence of this is that every barrister, whether employed or in chambers in 2019, knows through their work someone who is able to help or assist with setting up their virtual office. If, in 2019, chambers had a data protection officer (DPO) then this person will be able to point you towards the ‘appropriate technical and organisational measures’ which must apply in your home work space. If it was the company or firm’s IT department that set up your office network, then this department should be available to address the technical security considerations which will apply to remote working.
However, those working at the self-employed Bar will be registered, as an individual, with the Information Commissioner’s Office, and will be personally liable for any fine (up to €20m) that could result from a personal data breach. Employed barristers must ensure that their workplace is secure as part of their employment contract. Therefore, this article sets out five practical steps to achieving data protection and security when working remotely.
Encryption was a prerequisite to secure data management before the coronavirus outbreak so many work laptops/desktops will already be encrypted. Apple products come with encryption by default (FileVault). To check whether your iMac is encrypted simply go to ‘System Preferences’. If your iMac is not encrypted with FileVault, choose Apple menu > System Preferences, click Security & Privacy, then click FileVault. Open the FileVault pane, and Click Turn On FileVault. You might be asked to enter your password. Choose how to unlock your disk and reset your login password if you forget it: click Continue. It really is very straightforward.
If available, encrypting a device running Windows 10 is not significantly more difficult than with Apple’s FileVault. However, encryption is not necessarily installed by default, and Windows 10 Home edition will not have BitLocker, the Microsoft equivalent to FileVault.
To turn on device encryption on Windows, sign in with an administrator account. Select the Start button, then select Settings > Update & Security > Device encryption. If Device encryption does not appear then it is unavailable but you may be able to use standard BitLocker encryption instead. If encryption is available, open device encryption setting and turn encryption to ‘on’.
Standard BitLocker encryption can be accessed through the search box on the taskbar. Type ‘Manage BitLocker’ and then select it from the list of results. Alternatively, this can be accessed through Control Panel, selecting System and Security. Once you have accessed BitLocker, select ‘Turn on BitLocker’ and follow the instructions.
When working from home it may be tempting to use the desktop which is set up in the living room rather than sitting on a sofa or bed with a laptop on your knees. While ergonomically a desk with a proper office chair is advisable, shared computers must have separate account spaces for each user; and your account should be the only one with administrator access. Confidentiality is also essential, particularly in remote conferences or hearings. Screens should not be visible and access should be locked, whether by closing a laptop or putting a desktop into ‘sleep’, whenever you step away from your machine.
Virus software and operating systems should be regularly updated if the computer is being used by multiple people. A shared computer is more susceptible to malware and viruses as there are likely to be separate email accounts to be targeted by phishing emails. Further, downloaded files (eg games, music, video) from public websites are more likely to include malicious software than Word or Excel files from trusted sources.
While Zoom may be the perfect app for the online pub quiz with the extended family and friends, the terms of service provide Zoom with the authority to record anything captured within a Zoom meeting: ‘Recordings: You are responsible for compliance with all recording laws. The host can choose to record Zoom meetings and Webinars. By using the Services, you are giving Zoom consent to store recordings for any or all Zoom meetings or webinars that you join, if such recordings are stored in our systems. You will receive a notification (visual or otherwise) when recording is enabled. If you do not consent to being recorded, you can choose to leave the meeting or webinar.’
It is highly likely that your instructing solicitor or employer will have a preferred video conferencing application. However, if not, Microsoft Teams or Skype are easy options which maintain confidentiality.
Many chambers or employers will automatically back up files to a specific server whether you are on the premises or remote working. If that is the case, ensure that your home broadband is sufficient to allow for regular back-ups while you are able to continue to work. Inadequate bandwidth may mean that you have to back-up at less regular intervals. Contact your IT administrator to arrange this if it cannot be completed locally.
If you are not able to back-up to a central server, then arrange for an alternative approach. Whether you opt for a physical back-up to a separate hard-drive or a cloud-based option will likely depend on how long you intend to remain working remotely. A cloud-based approach is more flexible but does come with additional security risk. For example, using a cloud service which maintains servers in the US will not be compliant with GDPR.
The online environment is the essence of remote working but physical security is equally important. If you choose to back up to an external hard drive, this must be kept securely. Similarly, physical documents which are confidential, or to which privilege applies, must be kept in a locked filing cabinet, at least, with secure rooms and house alarms also worth consideration.
The Bar Council has provided detailed guidance on secure working in the context of COVID-19 (Data protection and security when working from home). In anticipation of a continued pattern of working at home, review the guidance which is available because the best advice is to act now to avoid problems in the future.
On 23 March 2020, when the Prime Minister announced that ‘people will only be allowed to leave their home for very limited purposes’, there was a myriad of possibilities available to the Bar which fell in the continuum between two stark options: give up; or carry on.
Whether it was bravery, pragmatism or necessity which drove courts, tribunals, chambers, and solicitors’ firms to enthusiastically adopt remote working, the impact is clear: things will never be the same. We shall continue to ‘work from home’, and as much of the legal profession surrenders leases to downsize its office footprint, the advantages of virtual conferences and hearings will be firmly grasped. We will all be required to develop a space from which we can efficiently and, most importantly, securely work.
So, what are the considerations for a secure virtual space? What risks arise from working at home which were not present when cloistered in chambers? And what are the impacts and liabilities from failing to meet the requisite standards?
While the thought of becoming a barrister/IT professional may be daunting to some, the considerations that now apply in this brave new world are similar (in fact they are almost identical) to the issues that chambers faced in 2019. The only difference is that now each individual barrister must seize the mantel rather than delegating their personal responsibility to the designated ‘IT genius’ or ‘tech wiz’.
The consequence of this is that every barrister, whether employed or in chambers in 2019, knows through their work someone who is able to help or assist with setting up their virtual office. If, in 2019, chambers had a data protection officer (DPO) then this person will be able to point you towards the ‘appropriate technical and organisational measures’ which must apply in your home work space. If it was the company or firm’s IT department that set up your office network, then this department should be available to address the technical security considerations which will apply to remote working.
However, those working at the self-employed Bar will be registered, as an individual, with the Information Commissioner’s Office, and will be personally liable for any fine (up to €20m) that could result from a personal data breach. Employed barristers must ensure that their workplace is secure as part of their employment contract. Therefore, this article sets out five practical steps to achieving data protection and security when working remotely.
Encryption was a prerequisite to secure data management before the coronavirus outbreak so many work laptops/desktops will already be encrypted. Apple products come with encryption by default (FileVault). To check whether your iMac is encrypted simply go to ‘System Preferences’. If your iMac is not encrypted with FileVault, choose Apple menu > System Preferences, click Security & Privacy, then click FileVault. Open the FileVault pane, and Click Turn On FileVault. You might be asked to enter your password. Choose how to unlock your disk and reset your login password if you forget it: click Continue. It really is very straightforward.
If available, encrypting a device running Windows 10 is not significantly more difficult than with Apple’s FileVault. However, encryption is not necessarily installed by default, and Windows 10 Home edition will not have BitLocker, the Microsoft equivalent to FileVault.
To turn on device encryption on Windows, sign in with an administrator account. Select the Start button, then select Settings > Update & Security > Device encryption. If Device encryption does not appear then it is unavailable but you may be able to use standard BitLocker encryption instead. If encryption is available, open device encryption setting and turn encryption to ‘on’.
Standard BitLocker encryption can be accessed through the search box on the taskbar. Type ‘Manage BitLocker’ and then select it from the list of results. Alternatively, this can be accessed through Control Panel, selecting System and Security. Once you have accessed BitLocker, select ‘Turn on BitLocker’ and follow the instructions.
When working from home it may be tempting to use the desktop which is set up in the living room rather than sitting on a sofa or bed with a laptop on your knees. While ergonomically a desk with a proper office chair is advisable, shared computers must have separate account spaces for each user; and your account should be the only one with administrator access. Confidentiality is also essential, particularly in remote conferences or hearings. Screens should not be visible and access should be locked, whether by closing a laptop or putting a desktop into ‘sleep’, whenever you step away from your machine.
Virus software and operating systems should be regularly updated if the computer is being used by multiple people. A shared computer is more susceptible to malware and viruses as there are likely to be separate email accounts to be targeted by phishing emails. Further, downloaded files (eg games, music, video) from public websites are more likely to include malicious software than Word or Excel files from trusted sources.
While Zoom may be the perfect app for the online pub quiz with the extended family and friends, the terms of service provide Zoom with the authority to record anything captured within a Zoom meeting: ‘Recordings: You are responsible for compliance with all recording laws. The host can choose to record Zoom meetings and Webinars. By using the Services, you are giving Zoom consent to store recordings for any or all Zoom meetings or webinars that you join, if such recordings are stored in our systems. You will receive a notification (visual or otherwise) when recording is enabled. If you do not consent to being recorded, you can choose to leave the meeting or webinar.’
It is highly likely that your instructing solicitor or employer will have a preferred video conferencing application. However, if not, Microsoft Teams or Skype are easy options which maintain confidentiality.
Many chambers or employers will automatically back up files to a specific server whether you are on the premises or remote working. If that is the case, ensure that your home broadband is sufficient to allow for regular back-ups while you are able to continue to work. Inadequate bandwidth may mean that you have to back-up at less regular intervals. Contact your IT administrator to arrange this if it cannot be completed locally.
If you are not able to back-up to a central server, then arrange for an alternative approach. Whether you opt for a physical back-up to a separate hard-drive or a cloud-based option will likely depend on how long you intend to remain working remotely. A cloud-based approach is more flexible but does come with additional security risk. For example, using a cloud service which maintains servers in the US will not be compliant with GDPR.
The online environment is the essence of remote working but physical security is equally important. If you choose to back up to an external hard drive, this must be kept securely. Similarly, physical documents which are confidential, or to which privilege applies, must be kept in a locked filing cabinet, at least, with secure rooms and house alarms also worth consideration.
The Bar Council has provided detailed guidance on secure working in the context of COVID-19 (Data protection and security when working from home). In anticipation of a continued pattern of working at home, review the guidance which is available because the best advice is to act now to avoid problems in the future.
In this month’s column, Chair of the Bar Sam Townend KC highlights the many reasons why barristers should pay the Bar Representation Fee and back the Bar Council’s efforts on behalf of the profession
Is now the time to review your financial position, having reached a career milestone? asks Louise Crush
If you were to host a dinner party with 10 guests, and you asked them to explain what financial planning is and how it differs to financial advice, you’d receive 10 different answers. The variety of answers highlights the ongoing need to clarify and promote the value of financial planning.
Leading legal DNA, drug, and alcohol testing provider AlphaBiolabs has made its first Giving Back charity draw of 2024 with Andrew Sibson, a Legal Officer at Leeds City Council, being chosen as its first winner
Discover Lloyd’s unique approach to financial planning and experience working with barristers
Trust Delaunay Wealth to stand by your side amid the uncertainties ahead, writes Lloyd French
Lighting fires that cast unfairness into the shadows, creating history at home and abroad, and being comfortable with who you are – the remarkable criminal and international human rights barrister Kirsty Brimelow KC
Marking International Women's Day, Will Tyler KC interviews two female silks at the helm of two huge specialist Bar associations about their lives and careers – finding a common theme both to their success and the challenges facing their respective Bars
No longer an exclusive boys’ club, but still some way to go. To mark International Women's Day, Millie Rai describes what it’s like being a young female barrister at the Commercial Chancery Bar
If we fail to nurture women’s collective talent, half the population of this country will not be properly represented – from the junior Criminal Bar right up to the senior Judiciary. We cannot let all the hard work be undone, says Tana Adkin KC on International Women's Day
In this month’s column, Chair of the Bar Sam Townend KC highlights the many reasons why barristers should pay the Bar Representation Fee and back the Bar Council’s efforts on behalf of the profession