Appendix 3: Guidelines in Relation to the Management of Electronic Records
1.1 Barristers receive a significant number of files electronically from instructing solicitors. When managing electronic files it is important to comply with the Data Protection Principle on ‘Integrity and Confidentiality’. Barristers will need to adopt appropriate security precautions and procedures in order to protect the integrity and confidentiality of electronic personal data. As a minimum, barristers should ensure that:
a) Appropriate encryption is used, particularly for laptops, tablets, portable storage devices and cloud storage folders;
b) Appropriate security is used on smartphones, for example, fingerprint recognition;
c) Special categories of data and data relating to criminal convictions are sent by encrypted email only;
d) Access to devices is password-protected, using strong passwords and password managers;
e) Work-related devices (i.e. tablets, computers and other such devices) are separated from those used for personal use;
f) Work-related devices are not used by any family member or other third party;
g) Data is appropriately backed up and any devices used for back-ups are appropriately secure;
h) No personal data is contained on old devices when they are being retired;
i) Documents are not saved or left open on open-access computers;
j) Electronic files are destroyed in accordance with a data retention and destruction policy;
k) All support staff receive appropriate training in relation to data protection, and e-communications policies are put in place for staff;
l) Up-to-date anti-virus software and firewalls are used and operating system updates are applied;
m) Back-ups of data are made using facilities which would not be at risk in the event of a ransomware attack.
1.1 Barristers should consider and, where appropriate, comply with the Bar’s recommendations for Information Security. The Bar has invested in new technology to assist members' compliance with the GDPR in relation to the transmission and storage of their electronic data. The systems provided for members as part of the framework are:
a) Email: Every member has a lawlibrary.ie email account with 100Gb of encrypted email storage. This encrypted email data is guaranteed to remain in the EU/EEA area and conforms to ISO 27001, ISO 27002 and ISO 27018 standards.
b) OneDrive for Business: Every member has a OneDrive account with 1Tb of encrypted storage. These encrypted data files are guaranteed to remain in the EU/EEA area and conform to ISO 27001, ISO 27002 and ISO 27018 standards.
c) Office365: Every member has a subscription to the latest version of Office, which can be accessed at office365.com. This latest version should be loaded on your computers to ensure you have access to the latest facilities and utilities that Word, Excel, PowerPoint and Outlook provide. This is particularly important from a cyber-security perspective as the later versions are more secure and are updated more frequently than older versions.
d) Encryption Database: To assist members in recording that their device has been encrypted, the Bar has opened an encryption database which will be maintained by the IT Helpdesk. Please register your encrypted device with the Helpdesk from 8th January 2018 to avail of this benefit.