What is LOCS:23?

In February of this year, the ICO announced the Legal Services Operational Privacy Certification Scheme (LOCS:23) as the new ICO-approved GDPR standard for the legal sector. This is the first sector-wide certification approved by the ICO and is set to become the industry’s ‘Kite Mark.’ The standard aims to support legal service providers in their UK GDPR obligations and provide evidence to clients that their data is properly and legally protected.


Why Does LOCS:23 Matter for Legal Service Providers?

Until now, it has been challenging for legal service providers to track, monitor and prove that they are putting in the measures and taking the correct actions to remain compliant with UK GDPR. The pilot scheme has shown that some firms who believed they were fully prepared fell short in some areas.

Legal firms and associated organisations, such as barristers’ chambers, are custodians of highly sensitive data, making them prime targets for cyber-attacks. Trust is paramount in this sector, not just between clients and their lawyers but also with third-party suppliers involved in the data ‘supply chain.’

Recent statistics from Chaucer highlight a 36% increase in data breaches within UK law firms, emphasising the growing threat. These breaches compromise client data and expose firms to operational risks, reputational damage, and potential legal penalties, including hefty fines from the ICO.

In 2022, a UK law firm faced a ransomware attack on its IT system. The breach affected an archive server, compromising a significant amount of personal data records. Approximately one million individual files were encrypted. Despite the breach resulting from an external hack, the ICO found the security measures inadequate. The firm promptly notified the ICO and took steps to limit the damage; however, the ICO deemed the breach serious enough to warrant a fine equal to 3.25% of the firm’s annual turnover.

LOCS:23 responds to increasing concerns over data security, client feedback, and the legal sector’s demand for a robust mechanism to safeguard client data privacy and security, especially when engaging third-party vendors.



What are the Benefits of LOCS:23 Certification?

LOCS:23 offers a practical solution to legal service providers struggling to demonstrate GDPR compliance effectively. Through a comprehensive accountability framework, firms can now easily measure and audit their compliance efforts. This certification not only enhances client trust by demonstrating a firm’s commitment to data protection but also offers a competitive edge in the market.

A common challenge for legal service providers is maintaining the trust of their clients, especially when it involves third-party vendors. Ensuring the privacy and security of client data shared with these vendors is critical. Legal professionals must select third-party services that demonstrate robust data protection measures. LOCS:23 certification offers a solution, assuring legal firms of the data security standards maintained by certified vendors. This certification simplifies the process, eliminating the need for extensive data protection questionnaires and providing peace of mind regarding client data security.

Moreover, certification serves as a mitigating factor against ICO fines under Article 83(2)(j) GDPR, underlining the importance of seeking certification to avoid being perceived as negligent. LOCS:23 is expected to lead the way for other sectors to have their own specific standard for GDPR.



Arx Alliance and LOCS:23

Arx Alliance has been chosen as a LOCS:23 Approved Solution, offering a unique platform for legal service providers to manage third-party cyber risks and vendor engagements efficiently. The Arx platform simplifies the LOCS:23 standard, enabling firms to conduct gap analyses independently before consulting external experts.

For legal service providers aiming to demonstrate their commitment to data protection and gain a competitive advantage, achieving LOCS:23 certification is a strategic move. Reach out to our team to learn how we can assist your firm in navigating the path to LOCS:23 certification.



Protect your firm with Arx Alliance

The Arx platform is unique. Our approach is collaborative rather than prescriptive. We give you the tools and the framework to create robust, secure supply chains in a way that is effective and cuts through the noise and jargon of a complex industry.

Over time, through a guided step-by-step process, we can help you identify and mitigate risks inside your own organisation, and collaborate with your suppliers to create robust, secure supply chain relationships.

Arx provides your firm and suppliers with a suite of tools:

  • Visibility of the organisation’s attack surfaces
  • Efficient control of cyber policies and standards
  • Central place for managing standards and controls
  • Continuous monitoring of all touch points
  • Situational awareness for all tiers of the supply chain
  • Risk-scored suppliers to highlight weak links