*/
Stephen Kenny QC addresses the legal and ethical considerations when offering student placements and Melanie Mylvaganam asks whether you’re travelling ethically: tips on keeping your clients’ data secure
The Bar is making increasing efforts to provide school students with the opportunity to have some experience of our working lives, with a view to encouraging them to consider the possibility of a career as a barrister. Many readers will have supported these initiatives by offering work experience placements in chambers.
There are, however, some serious legal and ethical considerations that the Ethics Committee would suggest you consider before offering such a placement to a student; particularly one under the age of 18. We have issued a new guidance note to highlight these, which you can find on the new Ethics and Practice Hub website, alongside our general guidance on mini-pupils, here.
One set of problems relates to a barrister’s duty to keep the affairs of each client confidential (Core Duty 6). As we point out in our note, it is doubtful that a student under the age of 18 can be bound by duties of confidence; even if he or she has signed a ‘confidentiality undertaking’. Absent very specific client agreement, therefore, a student under the age of 18 should not be allowed to see or hear about any material which remains confidential to the client.
It is also very doubtful that allowing a student (or in fact any mini-pupil) to see or hear about a document disclosed under legal compulsion by another party to litigation is ‘use for the purpose of the proceedings in which it will have been disclosed’, within CPR 31.22 (or similar). It is our view that the contents of those documents cannot therefore be shown to or discussed with a student/mini-pupil, at least until they have been read to or by a public court.
And then there is the question of data protection. As data controllers, barristers will also owe duties under the Data Protection Act 1998 – and not only in relation to their clients. If data is capable of being related to any other identifiable person, then fair processing obligations are owed to them too.
"It is doubtful that a student under the age of 18 can be bound by duties of confidence; even if he or she has signed a ‘confidentiality undertaking’"
A barrister’s case papers are, of course, very likely to include personal data which relates, identifiably, to persons other than the client. This could be an opposing party, a witness or potential witness; indeed any person. Disclosure of such data to a student or mini-pupil will almost certainly involve ‘processing’ of that data, and the conditions for fair processing will be very difficult to meet in circumstances where personal data will be passed to an under 18-year-old, and effectively impossible where it amounts to ‘sensitive personal data’.
Against this background, the only safe advice we can give is that under-18s cannot be allowed to see case papers unless these are restricted to publicly available materials, including those that have been read to or by a court, or materials obtained from and relating only to the client (with the client’s specific agreement).
Documents disclosed under legal compulsion by other parties must not be given to the student at all unless they have become public. It will be obvious from this that sharing papers for appeal hearings, and attendance at those hearings, is much less likely to cause problems than other types of work.
Finally, we caution barristers not to imagine that these difficulties can simply be avoided by anonymising documents. The able and enthusiastic students whom the Bar is most keen to attract will often be able to work out to which individuals anonymised documents refer; barristers should avoid that risk altogether.
Contributor Stephen Kenny QC, Bar Council Ethics Committee
With increasing importance placed on border security worldwide, the very real risk of being asked to hand over or unencrypt one’s laptop, mobile phone or other electronic device may come as no surprise. But for legal professionals who are carrying data confidential to their client, this presents a dilemma which is fundamentally ethical in nature.
Notwithstanding the resulting breach by the lawyer of legal professional privilege, the US in particular exercises far-reaching powers at border control to take, copy and retain information including all the contents of hard drives, as well as to require the traveller to reveal all encryption keys. It is a sobering reality that one’s status as a legal professional is not always sufficient to protect the client data you carry from such exposure. Corrupt border officials have also been known to require ‘taxes’ – legitimate or otherwise – for bringing your device into the country, without payment of which your device could be confiscated.
Dealing with the foreign border authority will look different in each situation, and if you are going to be carrying confidential client data, you should research prior to your travels how you can exercise professional privilege at a particular border crossing.
It is better to be aware of these possibilities and prepare for your travels accordingly. As a barrister you consider your core duty of confidentiality to your clients (BSB Handbook, CD6, rC15.5) on a day-to day-basis, but translating this into travel advice might be a new consideration. The IT Panel’s new ‘Advice for those travelling’ note seeks to assist you in doing just that, and avoid inadvertent breaches arising from your travels.
It is important to identify the pieces of technology which carry particular risk. Will you be taking a USB flash drive for work? This needs to be satisfactorily encrypted, and stored carefully to avoid being lost or stolen. How are you going to charge your devices? You should use your own USB charger, and be particularly careful about charging from another device – it is possible for a compromised computer to in turn compromise your own device.
Computers belonging to others must be used with the utmost care, and internet cafes should be treated as fully compromised. Entering your credentials is another area of high risk – use of a password on any system carries the risk that the password could be stored or used. This is something to be mindful of even when not travelling - web browsers (eg Google Chrome, Safari, Internet Explorer) are often set to store your credentials for later use. It is a good idea to learn where to find and alter these settings.
In any case, it is good practice to minimise the confidential data held on your devices while travelling, especially where you are confident that you can rely on secure remote working. Secure remote working involves a number of considerations to think about before you travel – see the IT Panel’s note for more details.
In all of your travels, you should plan for the reasonable possibility of becoming – at least temporarily – separated from your device(s), and the possibility of their being accessed. The financial impact of lost or stolen devices are one thing – but the impact of a data security breach is a breach of your ethical duties, and should be your primary consideration.
Contributor Melanie Mylvaganam, policy analyst: legal affairs, practice & ethics
Melanie is a policy analyst: legal, affairs, practice and ethics for the Bar Council, leading on anti-money laundering/counter-terrorist financing policy, direct access policy and IT policy. Melanie also manages the professional practice and ethics document library for barristers, and is an ethical adviser on the Ethical Enquiries Service.
The Bar is making increasing efforts to provide school students with the opportunity to have some experience of our working lives, with a view to encouraging them to consider the possibility of a career as a barrister. Many readers will have supported these initiatives by offering work experience placements in chambers.
There are, however, some serious legal and ethical considerations that the Ethics Committee would suggest you consider before offering such a placement to a student; particularly one under the age of 18. We have issued a new guidance note to highlight these, which you can find on the new Ethics and Practice Hub website, alongside our general guidance on mini-pupils, here.
One set of problems relates to a barrister’s duty to keep the affairs of each client confidential (Core Duty 6). As we point out in our note, it is doubtful that a student under the age of 18 can be bound by duties of confidence; even if he or she has signed a ‘confidentiality undertaking’. Absent very specific client agreement, therefore, a student under the age of 18 should not be allowed to see or hear about any material which remains confidential to the client.
It is also very doubtful that allowing a student (or in fact any mini-pupil) to see or hear about a document disclosed under legal compulsion by another party to litigation is ‘use for the purpose of the proceedings in which it will have been disclosed’, within CPR 31.22 (or similar). It is our view that the contents of those documents cannot therefore be shown to or discussed with a student/mini-pupil, at least until they have been read to or by a public court.
And then there is the question of data protection. As data controllers, barristers will also owe duties under the Data Protection Act 1998 – and not only in relation to their clients. If data is capable of being related to any other identifiable person, then fair processing obligations are owed to them too.
"It is doubtful that a student under the age of 18 can be bound by duties of confidence; even if he or she has signed a ‘confidentiality undertaking’"
A barrister’s case papers are, of course, very likely to include personal data which relates, identifiably, to persons other than the client. This could be an opposing party, a witness or potential witness; indeed any person. Disclosure of such data to a student or mini-pupil will almost certainly involve ‘processing’ of that data, and the conditions for fair processing will be very difficult to meet in circumstances where personal data will be passed to an under 18-year-old, and effectively impossible where it amounts to ‘sensitive personal data’.
Against this background, the only safe advice we can give is that under-18s cannot be allowed to see case papers unless these are restricted to publicly available materials, including those that have been read to or by a court, or materials obtained from and relating only to the client (with the client’s specific agreement).
Documents disclosed under legal compulsion by other parties must not be given to the student at all unless they have become public. It will be obvious from this that sharing papers for appeal hearings, and attendance at those hearings, is much less likely to cause problems than other types of work.
Finally, we caution barristers not to imagine that these difficulties can simply be avoided by anonymising documents. The able and enthusiastic students whom the Bar is most keen to attract will often be able to work out to which individuals anonymised documents refer; barristers should avoid that risk altogether.
Contributor Stephen Kenny QC, Bar Council Ethics Committee
With increasing importance placed on border security worldwide, the very real risk of being asked to hand over or unencrypt one’s laptop, mobile phone or other electronic device may come as no surprise. But for legal professionals who are carrying data confidential to their client, this presents a dilemma which is fundamentally ethical in nature.
Notwithstanding the resulting breach by the lawyer of legal professional privilege, the US in particular exercises far-reaching powers at border control to take, copy and retain information including all the contents of hard drives, as well as to require the traveller to reveal all encryption keys. It is a sobering reality that one’s status as a legal professional is not always sufficient to protect the client data you carry from such exposure. Corrupt border officials have also been known to require ‘taxes’ – legitimate or otherwise – for bringing your device into the country, without payment of which your device could be confiscated.
Dealing with the foreign border authority will look different in each situation, and if you are going to be carrying confidential client data, you should research prior to your travels how you can exercise professional privilege at a particular border crossing.
It is better to be aware of these possibilities and prepare for your travels accordingly. As a barrister you consider your core duty of confidentiality to your clients (BSB Handbook, CD6, rC15.5) on a day-to day-basis, but translating this into travel advice might be a new consideration. The IT Panel’s new ‘Advice for those travelling’ note seeks to assist you in doing just that, and avoid inadvertent breaches arising from your travels.
It is important to identify the pieces of technology which carry particular risk. Will you be taking a USB flash drive for work? This needs to be satisfactorily encrypted, and stored carefully to avoid being lost or stolen. How are you going to charge your devices? You should use your own USB charger, and be particularly careful about charging from another device – it is possible for a compromised computer to in turn compromise your own device.
Computers belonging to others must be used with the utmost care, and internet cafes should be treated as fully compromised. Entering your credentials is another area of high risk – use of a password on any system carries the risk that the password could be stored or used. This is something to be mindful of even when not travelling - web browsers (eg Google Chrome, Safari, Internet Explorer) are often set to store your credentials for later use. It is a good idea to learn where to find and alter these settings.
In any case, it is good practice to minimise the confidential data held on your devices while travelling, especially where you are confident that you can rely on secure remote working. Secure remote working involves a number of considerations to think about before you travel – see the IT Panel’s note for more details.
In all of your travels, you should plan for the reasonable possibility of becoming – at least temporarily – separated from your device(s), and the possibility of their being accessed. The financial impact of lost or stolen devices are one thing – but the impact of a data security breach is a breach of your ethical duties, and should be your primary consideration.
Contributor Melanie Mylvaganam, policy analyst: legal affairs, practice & ethics
Stephen Kenny QC addresses the legal and ethical considerations when offering student placements and Melanie Mylvaganam asks whether you’re travelling ethically: tips on keeping your clients’ data secure
Sam Townend KC explains the Bar Council’s efforts towards ensuring a bright future for the profession
Giovanni D’Avola explores the issue of over-citation of unreported cases and the ‘added value’ elements of a law report
Louise Crush explores the key points and opportunities for tax efficiency
Westgate Wealth Management Ltd is a Partner Practice of FTSE 100 company St. James’s Place – one of the top UK Wealth Management firms. We offer a holistic service of distinct quality, integrity, and excellence with the aim to build a professional and valuable relationship with our clients, helping to provide them with security now, prosperity in the future and the highest standard of service in all of our dealings.
Is now the time to review your financial position, having reached a career milestone? asks Louise Crush
If you were to host a dinner party with 10 guests, and you asked them to explain what financial planning is and how it differs to financial advice, you’d receive 10 different answers. The variety of answers highlights the ongoing need to clarify and promote the value of financial planning.
Most of us like to think we would risk our career in order to meet our ethical obligations, so why have so many lawyers failed to hold the line? asks Flora Page
If your current practice environment is bringing you down, seek a new one. However daunting the change, it will be worth it, says Anon Barrister
Creating advocacy opportunities for juniors is now the expectation but not always easy to put into effect. Tom Mitcheson KC distils developing best practice from the Patents Court initiative already bearing fruit
Sam Townend KC explains the Bar Council’s efforts towards ensuring a bright future for the profession
The long-running fee-paid judicial pensions saga continues. The current cut-off date for giving notice of election to join FPJPS is 31 March 2024, and that date now gives rise to a serious problem, warns HH John Platt
