The safe and secure management of client files is a vital consideration for those in the legal sector. In the same manner as a medical professional, solicitor case files contain deeply sensitive, highly confidential personal, legal, and financial information.
Unfortunately, there are some examples in which solicitors have not acted to protect the best interests of their clients. In such matters, the SRA has endeavoured to take action. In a recent case, Hertfordshire solicitor Jeffrey Allan Jackson, was fined £3,750, and ordered to pay costs of £3,000 for failing to secure approximately 4,000 case files after the firm’s closure.
Mr Jackson informed the SRA that he could not afford the safe collection, storage or disposal of the archived files and instead left them in his former office premises. The files included sensitive and confidential information including Wills and deeds.
File management is undoubtedly a discipline. The SRA Handbook requires that solicitors comply with the principle of “safekeeping of documents and assets entrusted to the firm”. As such, file management considerations, such as how long to retain documents for, depend upon the area of law. For example, Wills and Power of Attorney documents should be safely stored and reviewed on the death of the client, or until the document is superseded by a newer version.
The Law Society states firms must take into account “relevant statutory provisions such as limitation periods and UK Finance Mortgage Lenders’ Handbook requirements where relevant”. This means that each firm should create and enforce a file management procedure which aligns with their legal offerings. The general limitation period under tort law is six years, but for some matters can be as long as 12 years, and as short as one year. However, while the relevant limitation periods may provide useful guidance, many firms choose to retain client documents for longer, in the knowledge that some cases may be brought out of time.
In terms of conveyancing matters, the UK Finance Mortgage Lenders’ Handbook s14.3.1 states, “for evidential purposes you must keep your file for at least six years from the date of the mortgage before destroying it. You should retain on file those documents as specified in these instructions, and/or our individual instructions, and any other documents which a reasonably competent solicitor/conveyancer would keep”. Some organisations, however, recommend a much longer retention period for conveyancing, even opting for 15 years; the logic being that cases against Conveyancers tend to be brought once a property is subsequently sold, and issues with the previous transaction discovered.
These retention requirements must also be balanced with your firm’s obligations under the General Data Protection Regulations (GDPR) which states personal data cannot be retained for longer than needed, and that clients have the right to request information relating to them be erased if no longer required. It is therefore important when creating or updating a file management policy to consider how any such requests would be handled within the scope of GDPR compliance.
Are you taking your work home?
While any file management policy can be readily enforced when documents are kept within the four walls of the office, taking files away from the firm, either for client meetings, to take to Court, or to work from home poses a new set of risks. In one such case, an in-house solicitor working for Oxfordshire County Council dropped sensitive information relating to a child protection case on the street.
Such eventualities may be avoided in a number of ways. Some examples include, by switching to electronic documentation, key documents can be viewed with the added security of data encryption (both in terms of connectivity and storage), screen time-outs, and secure logins. It is also essential to include a specific reference in your policies and procedures describing the exact process for taking client or other sensitive information outside the confines of the office and explain how this will be enforced.
Given the considerable risk of fines under the GDPR and Data Protection Act 2018 for non-compliance in relation to data protection, a clear, well-articulated and consistently enforced case file-management policy will not only avoid the potential payment of a crippling fine, but also avoid severe reputational damage to the law firm.
All law firms should have a concise and up to date policy for the storage, retention, use, and destruction of case documents and files. As law firms shift towards greater levels of digital documentation, the process of management and archiving documents can be automated (e.g. auto-archiving on a specific date or triggering review). Electronic document storage also provides improved security when transferring and reviewing outside of the office, in addition to considerable advantages in the area of eDiscovery. But in doing so, it poses a new set of challenges relating to data protection, technology reliability and up-time, and cyber-security; a topic which will be discussed in a future article.
We have been helping legal professionals with professional disciplinary and regulatory matters for over 20 years. If you have any questions please call us on 0151 909 2380 or complete our Free Online Enquiry and I will soon be in touch