COVID-19 EXPERT LEGAL INSIGHTS

A reminder for solicitors and law firms about their regulatory obligations

23 March 2020

Towards the end of last year I commented, as part of our Solicitors Regulation Authority (SRA) Standards and Regulations (StaRs) blog series, that the introduction of the StaRs on 25 November 2019 was an opportunity to take stock and introduce steps to ensure compliance going forward; it was a time to prioritise, not panic.


Little did we know then that Covid-19 was around the corner and set to test our systems and processes yet further. Whilst the uncertainty around Covid-19 inevitably gives rise to a sense of unease, this can be seen as another opportunity to step back and prioritise, to ensure you are complying with your regulatory obligations during these otherwise uncertain times. Reviewing systems and processes now could ensure future work systems that help you achieve optimum standards in terms of business continuity, security, and supervision during unpredictable times. In turn, this could improve not only your firm’s capability in respect of regulatory compliance, but services for clients and, ultimately, client satisfaction. This ever-changing and uncertain climate could, in fact, bring about positive change for law firms.

So what are some of the key regulatory risks law firms face in respect of Covid-19 and how can these be tackled?

Hard copy documents/removable media

The clear message from the government - to avoid all unnecessary travel and to work from home wherever possible - has made remote working more a necessity than an option.

The increased risk of data breaches and the loss of confidential information through hard copy documents being transported and kept at home, rather than in offices with the necessary systems and controls in place, is inevitable.

Colleagues should work digitally wherever possible and be advised against working from hard copy documents and minimising the need to make handwritten notes of calls or virtual meetings they attend – typed notes should be encouraged. This may mean firms need to expand their teams working for particular clients to include administrative support, input from paralegals or individuals with an advanced technological skill-set, should detailed notes of meetings or conferences be needed.

If working digitally is not possible, for whatever reason, transporting and storing documents in a locked receptacle should be made compulsory. You may want to give further thought to suggesting the types of lockable storage you would prefer individuals to try to use, wherever possible. For example, a large lockable filing cabinet or lockable drawer within a desk is likely to be harder to make off with than a portable lockable rucksack. Where this is not possible, you may want to remind colleagues to keep their working environment as secure as possible, by setting a home security alarm and closing windows when they go out. This is about reminding colleagues of basic steps they can take to minimise the chances of confidential information being lost or stolen. Likewise, the use of removable media to transport data should be discouraged and, where such media is used, the importance of the relevant device being encrypted must be clearly communicated.

It may be that you will need to consider reviewing underpinning policies with a view to amending them or, at the very least, reminding colleagues of their existing obligations.

Colleagues should consider notifying parties with whom they have corresponded by post previously / relied on service of documents by post, that correspondence should be electronic-only going forward (wherever possible).  This is in anticipation of any full office closures should isolation measures be ramped up in the UK in the coming days and weeks and to manage the associated risks of missing key documents and communications.

 

Data security generally

Remote working introduces further risks to data security beyond inadvertent disclosure or loss of hard copy papers/removable media.

Colleagues should be reminded to work, where necessary and indeed where possible, in private environments where conversations of a confidential nature cannot easily be overheard and computer screens cannot be easily seen by third parties. The importance of locking computer screens when unattended (even within one’s home) should be reinforced. Colleagues should be encouraged to avoid predictable passwords and consider using password managers.

Working from home does not always mean literally ‘from home’. Accordingly, colleagues should be reminded that public Wi-Fi hotspots are not secure and vulnerable to hacking, and it is hard to prove that a hotspot belongs to the company or individual it claims. The SRA advises that in most cases, modern websites (using HTTPS) will protect you from risk. Using work mobiles as ‘hot spots’ may be a necessary alternative if another secure network is unavailable, but be aware there can be increased costs associated with this method.

Due to difficulties in contacting individuals on office telephone numbers or limited availability of support staff to contact various individuals on behalf of lawyers, colleagues may need to send more emails than usual. Likewise, sharing a confidential document in person in the office will now most likely be done virtually or via email. Colleagues should be reminded to check and double check email addresses used, to authenticate email addresses by independent means wherever possible, and to password protect attachments to emails (with the password being provided separately) to best protect against any potential breaches.

The ability to ‘share your screen’ through providers such as Skype for Business should also be used with caution and, in some circumstances, limited to internal meetings. Colleagues should be advised to ensure only appropriate material/data is shared with the parties attending a particular meeting or call. Disenabling email pop-ups is one precaution worth considering so that confidential information is not inadvertently displayed to others whilst screen sharing.

Laptops should be encrypted and firms should have a system to track devices and delete data from tablets and phones remotely if they are lost or stolen. The SRA also recommends two-factor authentication for email and log-ins, where possible.

If colleagues think that a data breach has occurred, they should be reminded of whom to report this to within your firm, and how. They should also be reminded of the requirement for this to be done promptly (given the 72 hour deadline under the GDPR to report where there has been a breach of personal data).  

 

Accountability 

As part of our StaRs blog series, my colleagues Shannett Thompson and Charlie Roe commented on how the twin themes of accountability and exercising judgement pervade the StaRs. The introduction to the Code for Individuals stresses, ‘[y]ou must exercise your judgement in applying these standards to the situations you are in and deciding on a course of action, bearing in mind your role and responsibilities, areas of practice and the nature of your clients.’ It goes on to state, [y]ou are personally accountable for compliance with this Code – and our other regulatory requirements that apply to you – and must always be prepared to justify your decisions and actions.”

The Code for Firms further emphasises the breadth of accountability for a firm and its staff. Whilst noting that any serious failure to meet the standards or serious breach(es) may lead to regulatory action being taken against the firm, its managers or compliance officers, the code also notes: ‘[w]e may also take action against employees working within the firm for any breaches for which they are responsible.’

A reminder to colleagues of their obligations under the respective Codes is recommended. Being away from the office should not lead to a relaxed attitude to the importance of one’s regulatory obligations. Individuals should be aware that they are responsible for the professional judgement they exercise when working at home and that the various discussions and decisions taken on a particular case, for example around disclosure or potential conflict points, should be carefully recorded. This should include reasoning for why they have chosen to act in a certain way, so that they can justify decisions, should they need to, in the future. The SRA’s Enforcement Strategy recognises, however, that mistakes do happen; clear record keeping will help the SRA decipher between honest mistakes and those that are less excusable.

 

Further record keeping considerations 

Colleagues will need to keep records/evidence of expenses (for example, duty solicitors having to get taxis to police stations to avoid public transport during the outbreak) perhaps by taking photographs of them and emailing them to their administrative support teams so that they can be processed in accordance with the firm’s expenses policy (and/or billed promptly to the client as a disbursement, as opposed to when normality resumes which may well be months away). For those individuals without a work phone, they will want to keep a record of work calls made using their personal phone package. Likewise, colleagues may wish to buy computer screens or office supplies to enable them to work more comfortably from home. Firms will need to consider whether their existing policies cover such eventualities or whether interim policies will need to be introduced to ensure fair and efficient work patterns at home. 

 

Supervision

The Code for Individuals at paragraph 3.5 makes clear that when supervising others in the provision of legal services, practitioners remain accountable for any work conducted on their behalf. Delegating work does not, therefore, break the chain of personal accountability. Practitioners must exercise their professional judgement as to whether the individual to whom they have delegated is sufficiently experienced and able to complete the work in question. When working remotely, it is important that regular supervision meetings still continue to ensure close monitoring of work and workloads to act as a check on standards and the quality of output. Although not in the office, partner visibility is important to ensure juniors feel able to raise questions and concerns and to encourage open and frequent communication channels.

 

Electronic signatures

The need for electronic signatures for, amongst other things, letters, court documents, and bills (to ensure they are enforceable) is something to add to the checklist; whilst there is not a one size fits all solution, firms should consider their own approaches and policies on the signing of documents, to ensure they are workable and adequate for remote working and amend these if necessary.

 

Childcare

With the announced closure of schools for most children, and the inability to rely on older family members to assist with childcare, the demands on working parents is a consideration that should be high on the agenda for firms. Encouraging colleagues to communicate any particular stresses on their time and working environment will be key. Discussing flexible ways of working and the ability to share work and personal commitments during the day will help colleagues feel supported and ensure efficient work patterns. 

Any existing policies on working from home/flexible working may need to be revisited.  

 

Policies and procedures generally 

A comprehensive, and ongoing, review of all existing policies and procedures to ensure their adequacy in dealing with the various issues arising from the current situation as they occur should be considered. Additionally, clear internal communications should be issued, reminding colleagues of the existence and availability of a firm’s policies and procedures and any amendments made to them.

 

Commentary

Many firms will have established tried and tested procedures to enable remote working for their employees as the push for agile working in the legal sector has intensified over recent years. Whilst firms are likely well equipped for this large-scale change in working practices for, what seems to be, the foreseeable, the importance of reviewing and improving systems in this context to ensure continued compliance with regulatory obligations will help achieve one of the ultimate aims during this difficult time; to ensure, as far as possible, that it is ‘business as usual’.

A shorter form version of this blog was published by Legal Week on Friday 20 March.

About the authors

Jessica Clay is a Senior Associate in the Regulatory department and specialises in legal services regulation, with a focus on regulatory compliance, legal ethics, investigations and public law matters. 

Charlotte Judd is an Associate in Regulatory  department and assists and advises on matters including defending regulated individuals, organisations and corporates; advice for regulators and public bodies and legal services regulation.

COVID-19 related insights:

COVID-19 related insights:

Our COVID-19 statement

We recognise that these unique times are presenting unprecedented challenges for our clients and we are here to support you in any way we can.

Click to view

Can you get out of or suspend a contract because of Coronavirus?

Alex Torpey covers the key things to look out for if you are relying on the Force Majeure clause.

Watch the video on LinkedIn

Overcoming the challenges of co-parenting for separated and divorced parents

Rachel Freeman, Partner in our Family Law team, addresses some issues that we are seeing arise for separated parents in the current crisis.

Read the blog

Tech in Two Minutes - Episode 7 - The Coronavirus challenge for tech coworking spaces

Andrew Solomon speaks about the challenge for tech companies and coworking spaces during the current COVID-19 pandemic.

Listen to the podcast

Property done Properly - Episode 1 - COVID-19: Tips for documenting a Rent Concession

Rent Concessions are on the rise during the outbreak of COVID-19. In the first Property done Properly podcast, David Newnham discusses six of the practical considerations when documenting Rent Concessions

Listen to the podcast

The legal basis for lockdown

Alun Milford, Partner in our Criminal Litigation team, provides an in-depth look at the legal basis behind the current lockdown.

Read the blog

Managing your Migrant workforce in the COVID-19 crisis

On Friday 3 April, immigration partner and head of department, Nick Rollason, hosted a webinar looking at urgent issues employers are facing during the COVID-19 crisis and answered some of the key questions being raised.

Watch the webinar recording

Furlough leave and the Coronavirus Job Retention Scheme: key legal considerations for Employers

On Thursday 9 April, Andreas White, Partner in our Employment Law Team, delivered an overview of the scheme with a focus of the key legal issues for UK employers.

Watch the webinar recording

Coronavirus and the perils of signing your Will

Will instructions have apparently risen by 30% since COVID-19 reached our shores. What effect does COVID-19 have on Will signings? James Ward and Diva Shah in our Private Client team blog.

Read the blog

The juggling act of a single mother, home school teacher and head of a family team

Charlotte Bradley, Head of our Family Law Team, reflects on how the COVID-19 crisis has affected working parents like her.

Read the blog

The future public inquiry into COVID-19

Calls for a public inquiry are continuing to mount and are likely to prove difficult to resist. In this blog, Sophie Kemp considers the framework for such inquiries, and the key issues likely to form the core of its terms of reference.

Read the blog

Share insightLinkedIn Twitter Facebook Email to a friend Print

Email this page to a friend

We welcome views and opinions about the issues raised in this blog. Should you require specific advice in relation to personal circumstances, please use the form on the contact page.

Leave a comment

You may also be interested in:

Skip to content Home About Us Insights Services Contact Accessibility