A recent near-disaster has prompted me to take a close look at the security and confidentiality of information regarding not only our practice, but our clients in particular.
A few weeks ago I met with a client early on a Monday morning who arrived in a state of barely-suppressed rage. While waiting in our reception area he had been treated to the entire contents of our telephone answering system as the receptionist played back all the messages received since 5.30pm the previous Friday. Not only that, but two junior staff were in reception waiting for a colleague and whiling away the time by slagging off the client whose accounts they were about to audit.
Needless to say my client was horrified. We were about to discuss a highly sensitive matter and he no longer had confidence in our ability to maintain confidentiality. It was only by promising a thorough review of all our information security safeguards that I managed to salvage the situation.
I set to with a will and was shocked by what I unearthed. Our reception area was an unofficial meeting place for staff; mail was left on desks in the open plan areas; staff went to meetings or lunch leaving documents open on their computers, and judging from the efficiency of the office grapevine there is not a single piece of information regarding the practice and its clients that is not common knowledge.
When confronted with the seriousness of their lack of care, many staff were defensive and acted as though I were questioning their personal loyalty to the practice and its clients. I called a staff meeting and the catalogue of errors I read out left them severely chastened. Having put in place a far more robust policy to ensure that all information, no matter how trivial it may seem, is treated with the same degree of care, I congratulated myself on a job well done.
Then I met a friend for dinner who had all the latest gossip on the merger of two practices known to both of us, a merger that was not in the public domain. How did he acquire this information? While on the train home he overheard a partner from firm A chatting on his mobile to a partner from firm B. Just hearing one side of the conversation meant little was left to the imagination.
Help! How many of my staff discussed client- or practice-related information in public? As it turned out, most of them.
Dragging them into another staff meeting, I asked how many of them used their mobiles for business-related discussions while on public transport. The general attitude was: ‘Why give me a mobile if you don’t expect me to discuss business on it?’ After another heart-to-heart on confidentiality they have all promised to be more careful.
My partners assured me that they are whiter than white and would never be so rash as to discuss anything sensitive in public. I am not entirely sure I believe them. The biggest problem is certainly with the younger staff who have grown up with modern communications technology and don’t stop to think of its negative aspects.
As far as I know, the fact that the firm has been leaking like a sieve has not had a detrimental effect on us or our clients, but I cannot be certain. Surely we are not the only practice that has failed to address this issue? There must be many firms’ staff going about their business while sharing information with all and sundry. Hopefully our experience will act as a wake-up call to them.