The Director approves all content and authorises publishing and removal of content including:
· Ensuring content is up to date;
· Ensuring content does not infringe copyright;
· Specifying conditions for downloading material;
· Ensuring any publicity conforms to the SRA Code of Conduct;
· Ensuring that it is accessible to people with disabilities; and
· Ensuring there is a privacy notice explaining how any data collected from visitors will be managed by the practice.
The Director will decide whether we should permit any links to be made from our website to any others. Linking arrangements will be governed by a contract signed on behalf of the practice. Management of any linking arrangements shall be the responsibility of Director.
Any such contract must:
· specify sites to which the firm’s website is linked;
· address any legal and business implications;
· specify the circumstances of accessing the linked site;
· include relevant disclaimers; and
· address copyright issues.
Securing our website
The Director ensures that our website is secure by doing the following Securing the website.
Updating the website: Our site will be updated as soon as a new plugin or CMS version is available. Those updates might just contain security enhancements or patch a vulnerability. We use a website firewall, which will virtually patch the security hole as soon as updates are released.
Passwords: use of strong password by storing all your passwords in an encrypted format and can easily generate random passwords at the click of a button. Password managers make it possible to use strong passwords by taking away the work of memorising weaker ones or jotting them down.
User Access: The Director and the web designer are the only people who has access to the website. To monitor unlawful access, the Director Keeps audit logs of access to the website.
Change the Default CMS Settings: We can avoid a large number of attacks simply by changing the default settings of our website when installing a CMS of choice. It is the Director`s responsibility to ensure that the CMS setting is changed regularly.
Installing SSL: Secure Sockets Layer (SSL). It is the standard security technology for establishing an encrypted link between a web server and a browser. The SSL certificate protects our website visitors’ information in transit, which in turn protects us from the fines and legal issues that come along with being found non-compliant with PCI DSS.
We use cloud computing services and we regularly check that cloud service provides sufficient safeguards in relation to confidentiality, security, reliability, availability and data deletion procedures. You may wish to refer to the ICO’s guidelines on cloud computing, and the Law Society’s guidance which may also be helpful.
The Data Protection legislation contains restrictions on the transfer of personal data to countries outside the European Economic Area, which do not provide an adequate level of security. For this reason, reputable service providers who provide storage facilities for data in the European Economic Area should generally be used. If you use a service provider based elsewhere you should check that data will only be stored in a country where the law provides sufficient safeguards in relation to data protection and that terms and conditions provide sufficient assurances in relation to data security. You should also be aware that storage facilities located outside the USA but owned by a subsidiary of a US company may be subject to US governmental surveillance. You should also be aware of the risks arising from reliance on the EU US Privacy Shield.
Some cloud storage facilities state that they provide encryption, but this does not mean that files stored in the cloud are accessible only to the cloud storage service provider’s customer. Some cloud storage service providers are able to gain access to the contents of encrypted files in order that they can provide access in accordance with a court order or a governmental request. All files must be encrypted before storing on our case management software which is stored on the cloud.
COPYRIGHT © 2019 JP LAW SOLICITORS · JP LAW SOLICITORS IS AUTHORISED AND REGULATED BY THE SOLICITORS REGULATION AUTHORITY IN ENGLAND & WALES AS A LICENCED BODY. SOLICITORS REGULATION AUTHORITY NUMBER: 622533.
THE REGISTERED OFFICE IS AT REGENT88, 210 CHURCH ROAD, LEYTON, LONDON, E10 7JQ