Increased focus on visual privacy is taking place across the board, but particularly in some professions, of which legal is a good example. This is partly due to market pressure from industry bodies and the risk of fines, but also because of a growing awareness of the role of visual privacy as part of an overall security strategy. In other words, there is a recognition that the ability to view on-screen information—whether on a desktop monitor, laptop, tablet or smartphone—presents a very real risk, not just to law firms’ own data, but confidential details about clients too.
The good news for legal professionals is that there is considerable security advice and guidance available. Here are some of the main ones of which to be aware:
• The ICO – as well as having the power to levy fines for data breaches, the ICO also offers guidance on how to comply with the Information Security Principle of the Data Protection Act.
• The Bar Council – part of its best practice guidelines on compliance state that: “Confidential material should not be left in a position where it might be read inadvertently by another person entering the room” and “Confidential material should not be read or worked on in public where it can be overlooked by members of the public.” “Where possible, computers should not be placed so that their screens can be overlooked, especially in public places….You should use appropriate security technologies suitable for the particular device or application.”
• The Law Society – a ‘practice note’ from the Law Society states that data protection policies should outline staff responsibility for personal data and Information security procedures.
• Solicitors Regulation Authority (SRA) Code of Conduct – as part of the need to keep clients’ information confidential, the code requires law firms to have effective systems and controls in place to identify and manage potential areas of risk.
Visual protection
One of the common themes that runs through all those is that the ‘insider threat’ (whether through employee carelessness or malicious intent) needs to be addressed. Staff have a responsibility for protecting the information of their firms and their clients and this includes being aware of visual security vulnerabilities.
After all, it is alarmingly easy to view the information on someone else’s screen. ‘Shoulder surfing’ and ‘visual hacking’ does not require the skills of a computer software expert to execute. In a recent Ponemon Institute study carried out in the USA, almost 90 percent of visual ‘hacks’ were successful.
So what can be done? Just making staff aware of visual privacy—whether working in the office or in public—is a good start. Angle screens so that they are less easy to view. Screensavers and auto log-ins after a period of activity are simple but very effective at reducing visual privacy risks. Finally, consider installing privacy filters. Using advanced film technology, these can be easily slipped over screens of all kinds and prevent information from being viewable, unless at very close-range and straight on. So if someone were to glance at a screen sideways or from a distance, they would see a blank screen. The filters can be easily removed when needed.
Of course, privacy filters are just part of a much bigger set of security measures that any law firm should be considering, but it is a simple, cost-effective one to address and will tangibly contribute to compliance and protection of sensitive data.
For more information on how 3M Privacy Filters combat the threat of visual hacking while working in high traffic areas, or to request a sample, please visit our website.