The SRA should use its powers sparingly and treat client confidential information with the same respect that solicitors must employ, says Susanna Heley
Protection of confidentiality and privilege is a principal tenet of legal practice. In an era of cloud computing, ransomware attacks, and perpetual concern about cybersecurity, ensuring that information given to and held by solicitors is secure is of paramount importance.
The pace of technological change means that solicitors need to admit more people into the ‘circle of confidence’ surrounding the data they store. It has never been the case that information is given to a single solicitor and no-one else ever has access to that information. Even before computers, clerks and others were drafted in to support solicitors.
Outsourcing client work necessarily involves giving third parties access to some confidential and privileged information. While it may not be necessary for IT support to trawl through the minutiae of client information – indeed, who would have the time – IT consultants have theoretical access to everything on a solicitor’s system. Auditors and quality assessors may also call for client files as part of their assessments.
Despite the expansion of the circle of confidence, solicitors remain its heart, controlling access to information by requiring confidentiality from all of those admitted and making special arrangements to protect especially sensitive information. Solicitors’ practices could not function without the adoption of such practices.
The wildcards as regards confidentiality are, ironically, those bodies to whom solicitors must provide information under compulsion: regulators. Many regulators have in place memoranda of understanding with other regulatory and quasi regulatory bodies and information sharing between regulators is reasonably common if considered in the public interest. Information sharing between regulators has been the subject of consultation and is supported by statute.
The recent reported case of Maitland Hudson v SRA appears to be an example of confidential information coming in to the hands of the profession’s regulator and subsequently being disclosed to a third party, allegedly in breach of confidence. The reported decision related to the SRA’s unsuccessful application for summary judgment on grounds of causation and the regulator’s substantive defence is not yet known, for the purposes of the application, breach of confidence was assumed.
This is an unusual case but it highlights that once a solicitor has, under compulsion, produced information – including client confidential information – to the SRA, the solicitor will in practice have little control over what happens to it thereafter.
Where solicitors are prosecuted for misconduct before the Solicitors Disciplinary Tribunal, the hearings are held in public, save in exceptional circumstances. Details of advice given to clients, or transactions which are claimed to bear the hallmarks of fraud, may be considered at length. The usual practice is to anonymise reference to clients but slips by advocates or witnesses can lead to client confidential information being brought into the public domain. Some cases are so high profile that the identity of the client is obvious even if no one mentions a name.
Solicitors are, of course, obliged to make self reports to the SRA in respect of misconduct which is not considered trivial. Where the SRA starts an investigation into solicitors’ conduct, whether triggered by a self report or a complaint from a third party, the SRA may write an ‘explanation with warning’ (EWW)
letter to the affected solicitor seeking an explanation of the alleged conduct and containing warnings which include that it may be considered misconduct if the solicitor does not respond.
The SRA helpfully include a list of persons to whom they may disclose information received from the solicitor including: informants, others under investigation in the matter or a related matter, people they need to deal with to facilitate their investigation, other regulators, law enforcement agencies, and others in the public interest.
Taken literally, this warning means that the SRA could disclose information received from a solicitor to anyone if it considers it to be in the public interest to do so. If the informant is an opponent in ongoing litigation, the SRA apparently reserves to itself the right to disclose potentially privileged information to him without restriction.
Naturally, one hopes that the SRA would use the power it reserves to itself sparingly and treat client confidential information with the same respect that solicitors must employ. The fact remains though that the SRA’s approach appears to create a gap in the protection of confidential information which solicitors may not have the power to close.
Susanna Heley is a partner at RadcliffesLeBrasseur