Welsh chambers breaks ground with first ICO legal services certification


Harrington: Other chambers will follow

The largest chambers in Wales has become the first legal services provider to obtain the new law-specific data protection certification approved by the Information Commissioner’s Office (ICO).

Rebecca Harrington, barrister and treasurer of 30 Park Place, said certification recognised the work done by the chambers in the area and would help it improve, while allowing it to “get in at the start”.

The scheme, launched in February, provides legal services providers with “certainty” when processing personal data.

The ICO said the Legal Services Operational Privacy Certification Scheme, or LOCS:23, would reassure clients that lawyers had “strong information security” in place.

Ms Harrington said she believed others would soon follow suit: “I don’t believe we are the only chambers to take this issue seriously. Once they have seen that someone has done this successfully, they will not want to be left behind and will be forced to jump, whether they like it or not.”

However, she believed a “huge chunk of the legal industry” was not ready for LOCS:23, “even if it wanted to be”.

Kayleigh Jefferies, the lead civil clerk who did most of the work on certification, said the chambers, based in Cardiff, was “quite well placed” for certification, because of its strict approach to GDPR compliance.

She explained that, because 30 Park Place was the first legal services provider, its certification process acted as a pilot for the LOCS:23 scheme.

Ms Jefferies added that the process would have been much harder without technical advice from legal compliance business Briefed.

Orlagh Kelly, barrister and chief executive of Briefed, which was certified under LOCS:23 last month, said she was working with eight other sets of chambers on certification and several law firms, and having conversations with “several dozen” others about when they would apply.

Ms Kelly said the fact that a legal services provider was certified would be taken into account by ICO as mitigation if there was a data breach.

She said LOCS:23 was particularly relevant to chambers and law firms doing publicly funded work, as she was “firmly of the view that they will need this if they are working for the Crown Prosecution Service or local authorities”.

Ms Kelly said one of the law firms she was working with wanted to get certified because it was a B Corporation and it wanted “everything to be done to a gold standard”.

However, it was an “independent and robust standard” with a long list of criteria that had to be met and evidenced. She was aware that some legal services providers had attempted to get certification and failed at the first stage.

“The chambers we work with have very good GDPR guidance and this puts them in a strong position to achieve certification. There’s a real appetite for this.”




Leave a Comment

By clicking Submit you consent to Legal Futures storing your personal data and confirm you have read our Privacy Policy and section 5 of our Terms & Conditions which deals with user-generated content. All comments will be moderated before posting.

Required fields are marked *
Email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Blog


The lonely role of a COFA: sharing the burden of risk management

Compliance officers for finance and administration in law firms can often find themselves walking a solitary path. But what if we could create a collaborative culture of shared accountability?


Mind the (justice) gap: Why are RTAs going up but claims still down?

The gap between the number of road traffic accident injuries and the number of motor injury claims continues to widen, according to the latest government data.


Five key issues to consider when adopting an AI-based legal tech

As generative AI starts to play a bigger role in our working lives, there are some key issues that your law firm needs to consider when adopting an AI-based legal tech.


Loading animation