Welsh chambers breaks ground with first ICO legal services certification


Harrington: Other chambers will follow

The largest chambers in Wales has become the first legal services provider to obtain the new law-specific data protection certification approved by the Information Commissioner’s Office (ICO).

Rebecca Harrington, barrister and treasurer of 30 Park Place, said certification recognised the work done by the chambers in the area and would help it improve, while allowing it to “get in at the start”.

The scheme, launched in February, provides legal services providers with “certainty” when processing personal data.

The ICO said the Legal Services Operational Privacy Certification Scheme, or LOCS:23, would reassure clients that lawyers had “strong information security” in place.

Ms Harrington said she believed others would soon follow suit: “I don’t believe we are the only chambers to take this issue seriously. Once they have seen that someone has done this successfully, they will not want to be left behind and will be forced to jump, whether they like it or not.”

However, she believed a “huge chunk of the legal industry” was not ready for LOCS:23, “even if it wanted to be”.

Kayleigh Jefferies, the lead civil clerk who did most of the work on certification, said the chambers, based in Cardiff, was “quite well placed” for certification, because of its strict approach to GDPR compliance.

She explained that, because 30 Park Place was the first legal services provider, its certification process acted as a pilot for the LOCS:23 scheme.

Ms Jefferies added that the process would have been much harder without technical advice from legal compliance business Briefed.

Orlagh Kelly, barrister and chief executive of Briefed, which was certified under LOCS:23 last month, said she was working with eight other sets of chambers on certification and several law firms, and having conversations with “several dozen” others about when they would apply.

Ms Kelly said the fact that a legal services provider was certified would be taken into account by ICO as mitigation if there was a data breach.

She said LOCS:23 was particularly relevant to chambers and law firms doing publicly funded work, as she was “firmly of the view that they will need this if they are working for the Crown Prosecution Service or local authorities”.

Ms Kelly said one of the law firms she was working with wanted to get certified because it was a B Corporation and it wanted “everything to be done to a gold standard”.

However, it was an “independent and robust standard” with a long list of criteria that had to be met and evidenced. She was aware that some legal services providers had attempted to get certification and failed at the first stage.

“The chambers we work with have very good GDPR guidance and this puts them in a strong position to achieve certification. There’s a real appetite for this.”




Leave a Comment

By clicking Submit you consent to Legal Futures storing your personal data and confirm you have read our Privacy Policy and section 5 of our Terms & Conditions which deals with user-generated content. All comments will be moderated before posting.

Required fields are marked *
Email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Blog


Keeping the conversation going beyond Pride Month

As I reflect on all the celebrations of Pride Month 2024, I ask myself why there remains hesitancy amongst LGBTQ+ staff members about when it comes to being open about their identity in the workplace.


Third-party managed accounts: Your key questions answered

The Solicitors Regulation Authority has given strong indications that it is headed towards greater restrictions on law firms when it comes to handling client money.


Understanding vicarious trauma in the legal workplace

Vicarious trauma can happen to anyone who works with clients who have experienced trauma such as domestic or other violence, child abuse, sexual assault, torture or being a refugee.


Loading animation