The Law Society accidentally sent 1,400 lawyers a spreadsheet containing their personal details.
On 23 October the Law Society sent a "confidential" email to over 1,400 of its members who practised as General Counsel or in senior in-house positions. The email invited the recipients to take part in a survey intended to provide the Law Society with insight into its in-house members. The email also promised, "[the Law Society] will never share your information for marketing purposes". One recipient commented to RollOnFriday, "Ha!"
Because although the sender, whom a source said was the Law Society's strategic relationship director, managed to blind-copy each recipient, they also attached an Excel document containing everyone's name and additional personal details. Thereby disclosing a full database of over 1,400 lawyers to everyone on the list. On the plus side, said a source, "if one of those lawyers was planning on a move into in-house recruitment, the ready-made list of contacts is a God-send". Citing the hot topic in many businesses of pending changes to data protection rules, an in-house lawyer said they were "pleased our governing body is so in touch with the issues we are facing".
The Law Society told RollOnFriday that a member of its admin team sent the email and inadvertently attached the spreadsheet of contacts, then attempted to recall the message but was unsuccessful. The team sent a follow-up email apologising and asking the recipients to delete the table.
Claiming that "most" of the information released was either publicly available or not sensitive personal data, a Law Society spokesperson said, “We regret this incident and apologise to those affected. We take all such incidents seriously. Having assessed this carefully against the ICO guidance on data breach reporting we have concluded that the threshold to self-report in this instance was not met. We are reviewing how this occurred and evaluating training requirements to ensure as far as possible this does not happen again”.
Tip Off ROF
On 23 October the Law Society sent a "confidential" email to over 1,400 of its members who practised as General Counsel or in senior in-house positions. The email invited the recipients to take part in a survey intended to provide the Law Society with insight into its in-house members. The email also promised, "[the Law Society] will never share your information for marketing purposes". One recipient commented to RollOnFriday, "Ha!"
Because although the sender, whom a source said was the Law Society's strategic relationship director, managed to blind-copy each recipient, they also attached an Excel document containing everyone's name and additional personal details. Thereby disclosing a full database of over 1,400 lawyers to everyone on the list. On the plus side, said a source, "if one of those lawyers was planning on a move into in-house recruitment, the ready-made list of contacts is a God-send". Citing the hot topic in many businesses of pending changes to data protection rules, an in-house lawyer said they were "pleased our governing body is so in touch with the issues we are facing".
 |
When you know the recall function is pointless but you're going to do it anyway. |
The Law Society told RollOnFriday that a member of its admin team sent the email and inadvertently attached the spreadsheet of contacts, then attempted to recall the message but was unsuccessful. The team sent a follow-up email apologising and asking the recipients to delete the table.
Claiming that "most" of the information released was either publicly available or not sensitive personal data, a Law Society spokesperson said, “We regret this incident and apologise to those affected. We take all such incidents seriously. Having assessed this carefully against the ICO guidance on data breach reporting we have concluded that the threshold to self-report in this instance was not met. We are reviewing how this occurred and evaluating training requirements to ensure as far as possible this does not happen again”.
Comments
381
414
412
391
415
384
This appears to have been human error (though training and systems should have been designed to minimise the risk). But this is the same Law Society that tries to rig competitive markets, tries to mislead the Competition Appeal Tribunal, falsely denies the existence of key documents to avoid disclosure in litigation, refuses to tell their own members, to whom they are accountable, what compensation they have had to pay for getting caught acting illegally, and endlessly tries to recreate themselves as regulators by muscling the SRA, and by exploiting their "quality accreditation schemes" as de facto regulatory requirements to practise certain areas of law.
They really do give the impression of having no ethical scruples, and no competence either.
406
384
398
373
But they terrorise everybody else with their breauractic overkill.
398
386