The Law Society recognises that senior managers within a legal organisation have a “responsibility for embedding core risk management systems, policies, and procedures within their firms”. A ‘practice note’ from the Law Society also notes that data protection policies should outline staff responsibility for personal data and information security procedures.
The Solicitors Regulation Authority, the regulatory body of the Law Society, publishes a Code of Conduct which states that “Protection of confidential information is a fundamental feature of your relationship with clients” and requires that companies “have effective systems and controls in place to enable you to identify risks to client confidentiality and to mitigate those risks.” (SRA Code of Conduct 2011, Chapter 4: Confidentiality and disclosure).
The Bar Council’s best practice guidelines on compliance include the following:
- ‘Confidential Material should not be left in a position where it might be read inadvertently by another person entering the room.’
- ‘Confidential Material should not be read or worked on in public where it can be overlooked by members of the public.’
- ‘Where possible, computers should not be placed so that their screens can be overlooked, especially in public places.’
- ‘You should use appropriate security technologies suitable for the particular device or application.’