The largest chambers in Wales has become the first legal services provider to obtain the new law-specific data protection certification approved by the Information Commissioner’s Office (ICO).
Rebecca Harrington, barrister and treasurer of 30 Park Place, said certification recognised the work done by the chambers in the area and would help it improve, while allowing it to “get in at the start”.
The scheme, launched in February, provides legal services providers with “certainty” when processing personal data.
The ICO said the Legal Services Operational Privacy Certification Scheme, or LOCS:23, would reassure clients that lawyers had “strong information security” in place.
Ms Harrington said she believed others would soon follow suit: “I don’t believe we are the only chambers to take this issue seriously. Once they have seen that someone has done this successfully, they will not want to be left behind and will be forced to jump, whether they like it or not.”
However, she believed a “huge chunk of the legal industry” was not ready for LOCS:23, “even if it wanted to be”.
Kayleigh Jefferies, the lead civil clerk who did most of the work on certification, said the chambers, based in Cardiff, was “quite well placed” for certification, because of its strict approach to GDPR compliance.
She explained that, because 30 Park Place was the first legal services provider, its certification process acted as a pilot for the LOCS:23 scheme.
Ms Jefferies added that the process would have been much harder without technical advice from legal compliance business Briefed.
Orlagh Kelly, barrister and chief executive of Briefed, which was certified under LOCS:23 last month, said she was working with eight other sets of chambers on certification and several law firms, and having conversations with “several dozen” others about when they would apply.
Ms Kelly said the fact that a legal services provider was certified would be taken into account by ICO as mitigation if there was a data breach.
She said LOCS:23 was particularly relevant to chambers and law firms doing publicly funded work, as she was “firmly of the view that they will need this if they are working for the Crown Prosecution Service or local authorities”.
Ms Kelly said one of the law firms she was working with wanted to get certified because it was a B Corporation and it wanted “everything to be done to a gold standard”.
However, it was an “independent and robust standard” with a long list of criteria that had to be met and evidenced. She was aware that some legal services providers had attempted to get certification and failed at the first stage.
“The chambers we work with have very good GDPR guidance and this puts them in a strong position to achieve certification. There’s a real appetite for this.”
Leave a Comment