This website uses cookies

This website uses cookies to ensure you get the best experience. By using our website, you agree to our Privacy Policy

Sign Up for our Free Newsletter
Solictors Journal logoSolictors Journal logo
Jean-Yves Gilg

Editor, Solicitors Journal

SRA warns solicitors over risks to client confidentiality

News
Share:
SRA warns solicitors over risks to client confidentiality

By

There is an obligation for firms to clearly state where client information is held

The SRA has issued new guidance on ensuring client confidentiality is maintained and highlighted the risks posed by third parties, mergers and acquisitions, outsourcing and cloud computing.

The guidance was published to deal with a number of issues including third parties having access to client information. The regulator discovered this was particularly a problem for firms who used other professional services for business management purposes, such as financial advice.

The SRA said that client permission may need to be sought before information is shared with third parties, and the guidance clarifies what should happen, as outlined in the Code of Conduct.

Furthermore, a risk of breaching client confidentiality is also present in firms sharing information in complex corporate structures, firms seeking to merge or acquire another firm, and outsourcing.

The guidance also revisits the theme of cloud computing and outlines both the benefits and the risks attached to its use. The SRA guidance suggests that confidential client information stored in a cloud, potentially in a foreign jurisdiction, may be more vulnerable to disclosure. Firms will need to be able to demonstrate they have considered the risks and that their clients have consented to information being stored in a particular way.

The Data Protection Act 1998 requires that personal information is handled in a manner which ensures key principles and legal obligations are properly adhered to. There is an obligation for firms to clearly state where client information is being held. However, this may be difficult for firms if service providers themselves are unaware of the exact locations.

Commenting on the guidance, David Middleton, SRA executive director, said: "Law firms are businesses like any other and as such might use other companies to advise them on specialist matters. Firms must ensure that in doing so they do not breach client confidentiality or legal professional privilege.

"We have therefore produced this guidance to ensure firms remain compliant when engaging the services of third parties. This guidance is also relevant for those larger firms that contain several legal entities, some of which may be operating in separate legal jurisdictions."