Data security enables the effective implementation of protective digital privacy measures to prevent unauthorized access to our computers, mobile devices, databases and our website. Our Chambers’ data security and privacy measures are aligned to effectively implement client privacy protections.
We take the security of the data we control and process very seriously and have the following measures in place to ensure that the data we are entrusted with is kept safe.
Ten Old Square has achieved “Cyber Essentials” accreditation from the National Cyber Security Centre
Chambers’ does not maintain any hardware or servers on Chambers’ premises that stores Chambers’ data or client data.
Chambers’ data – including casefile data such as fees, diary and client/case documents as well as data relating to the management of Chambers’ business and membership can only be accessed by assigned Clerks through a secure, online portal on Advanced’s “Hosted” MLC platform.
Advanced have ISO 27001 accreditation and only supply National Cyber Security Centre compliant services.
Access to email is also within that secure hosted environment All Chambers’ email (i.e. mail to/from @tenoldsquare.com) is protected by Mimecast, the leading email security firm with multiple (global) security accreditations including ISO 27001.
We use Dropbox “case collaboration” software within Hosted MLC to store and access client data that’s sent to us by our professional clients. All Chambers’ Dropbox data is stored on servers held at Dropbox’s EU Data Centre.
Our barristers can only access the data held on the specific MLC casefiles assigned to them by the Clerks. The Clerks have exclusive access and control over general Chambers’ data. The Senior Clerk, Keith Plowman, is our Data Protection Manager.
The Clerks’ devices in Chambers (and remotely) are protected by the managed (Endpoint) anti-virus/anti-malware service provided by Sophos.
Every member of Chambers is offered annual GDPR-training and certification. An online register of all GDPR-certified barristers is available here.
All our staff are GDPR-trained and certified annually.
We use the Bar Council-approved Briefed training program and the entire workforce has access to Briefed’s advisors and online GDPR toolkit in the event of data breaches and security threats.
Barristers are data controllers, Chambers is the data processor (and data controller for internal management purposes) and our staff are employees of the data processor.
Chambers has extensive data protection policies, plans and registries in place which are regularly reviewed, maintained and implemented.
Full details of these can be provided upon written request to the Senior Clerk or by email to firstname.lastname@example.org. Access to this information will be provided by the Senior Clerk at his discretion based on his assessment of need.
Any questions that you may have regarding our data security measures should be directed to our Senior Clerk.