Division B: Electronic Communications
1.1 Rule B1.9.1 provides that "You must communicate effectively with your clients and others."
1.2 Rule B1.14.1 provides that "You must not knowingly mislead other regulated persons or where you have given your word go back on it".
See also the Society’s Social Media – Advice and Information for the Legal Profession and relevant ICO guidance and BSI/ISO standards.
2.1 Written email and social media policies, intimated in writing to everyone in the practice unit, are good risk management. They should be reviewed regularly and link to other relevant practice unit policies (for example, E-Communications, Business Continuity, Equal Opportunities, Bring Your Own Device, IP/copyright infringement or IT Security Policies).
2.2 Properly intimated and enforced policies are of particular importance if practice units intend to monitor employee communications and other use of their systems. If a practice unit intends that an employee should have no expectation of privacy in respect of communications and/or use of the systems the relevant policy should contain a clear statement to that effect. Organisations with offices abroad should bear in mind the potential legal and privacy differences between the UK and other countries.
2.3 Emails should include the same information as provided on letterheads and there may be other sector specific regulatory information to be included. For incorporated practice units, the requirements of the Companies Act 2006 and Limited Liability Partnerships (Application of Companies Act 2006) Regulations 2009, as amended from time to time, should be considered.
2.4 Professional solicitor correspondence is generally confidential and may attract legal professional or litigation privilege. Although there is some doubt as to the legal effect of such clauses, it is good risk management to include a warning in emails that the communication is confidential and may attract legal professional and/or litigation privilege. Automatic inclusion of such a warning on all external emails is recommended.
2.5 Routine monitoring of email to ensure professional standards are being maintained and the advice given is appropriate and adequate is good practice but must be carried out only in accordance with relevant legislation: there is no blanket right for practice units to monitor and intercept emails. The principles of any monitoring should be outlined in the practice unit's email policy. The relevant legislation to consider includes:
- Regulation of Investigatory Powers Act 2000 (RIPA)
- Data Protection Act 1998 (DPA) (the ICO Guidance should also be considered)
- The Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 (LBP Regulations)
Similar consideration should be given to the recording and monitoring of telephone calls, appropriate warning notices and recorded messages etc.
2.6 If private emails may be intercepted and read, the practice unit's email policy should ensure the freely given consent of staff. Practice units should consider the implications of consent being withdrawn. It is possible to monitor emails without consent but only provided the requirements of the LBP Regulations (and, in particular, Reg. 3(2)) are met. The Information Commissioner’s Office also publishes useful guidance on DPA aspects of workplace monitoring, including email monitoring, within the Employment Practices Code available for download on the ICO website. This is the UK position but it may differ in other parts of the EU.
Professional undertakings and contracts
3.0 Professional undertakings may be given by unsecured email but practice units should be cautious when accepting them: it is not difficult to fake both content and sender details. The act of typing a name into an electronic document, including an email, may of itself be a form of electronic signature, depending on the particular circumstances. The use of digital signatures and/or encryption may provide assurances for the recipient as to the authenticity, integrity and confidentiality of email.
3.1 Practice units receiving a professional undertaking by email or SMS text should check that the context provides reasonable assurance of its authenticity and should consider the need for a check by telephone or fax etc. that it came from its purported sender.
3.2 Although some special rules apply to those contracts which require to be in writing, in general a contract may be formed by email or other electronic means. The same risks and considerations of intention, clarity and authority (actual or ostensible) therefore apply to email as to any other form of communication and firms should seek wherever possible to mitigate these risks. Accordingly care should be taken, possibly by the inclusion of a standard disclaimer to the effect that emails are not contractual except perhaps where accompanied by a digitally encrypted signature. This may not necessarily prevent the formation of a contract and as the law in this area is not mature, the best advice would appear to be to minimise any risk of misunderstanding and confirm any instructions/details if at all possible.
3.3 There is still a duty on a solicitor to follow up a fax or email of a contractual document with the original as soon as possible (unless the email contains a digital signature creating a binding contract). This is particularly relevant for the delivery of missives and there is further Society guidance available on this. Furthermore, if a solicitor is not sure if a contractual document can be sent electronically, a fax or email version should not be sent. It was held in the 2009 Sheriff Court case of Thomas Park, Petitioner that a bargain was concluded where the final Missive was communicated by fax; the case is reported in the Journal. E-missives are expected to become available later in 2014 according to a Journal article.
4.0 Solicitors will generally be required to register (notify) as data controllers under the DPA and comply with the relevant regulation. It is prudent to appoint a specific person within the practice unit to manage this.
4.1 The Regulation of Investigatory Powers Act 2000 which applies to the whole of the UK creates several offences including interception of a communication in the course of its transmission without lawful authority. The offences potentially apply to a practice unit's monitoring and recording of email communications sent and received by staff. The LBP Regulations set out various circumstances in which monitoring and recording of email for business related purposes is deemed to have lawful authority. Monitoring and recording email will also generally involve the processing of personal data under the DPA.
4.2 Article 8 of the European Convention on Human Rights (ECHR) provides that "everyone has the right to respect for his private and family life, his home and his correspondence". The right to privacy extends to the workplace. Whilst practice units are not public authorities and therefore the Human Rights Act 1998 does not apply to them directly, the Courts are increasingly taking human rights cases into account in their decisions. Employment tribunals considering any claim made by a disgruntled employee are required to have regard to the Articles of the ECHR in the course of their decision making.
4.3 Directive 2000/31/EC (the E-Commerce Directive) applies to solicitors' services provided electronically from or within the EU, except for litigation and notarial work. It also applies to electronic advertising, including websites.
(a) The Society's rules will apply to the exclusion of other professional rules if a practice unit in the UK provides electronic services (even for example an email sent from a laptop while a solicitor is on a visit to France).
(b) If a solicitor based at an office in an EU state other than the UK provides electronic services (even for example an email sent from a laptop while a solicitor is on a visit to London) the professional rules of that EU state will apply, to the exclusion of the other professional rules.
(c) Solicitors providing services electronically or advertising electronically must provide customers with certain information:
(i) name, address, email address and VAT number;
(ii) where price is referred to, clear indications of price;
(iii) professional details, as follows:
- If the office is in the UK, the client must be told that the service is provided by Scottish solicitors, regulated by the Society (and any other relevant regulator), and how to access the Society's rules. This can be done by providing a link to www.lawscot.org.uk.
- If the solicitor is based at an office in another EU state, the client must be told that the service is provided by a Scottish solicitor, registered with (for example) the Athens Bar, and how to access the rules of that Bar.
It is recommended that all emails providing electronic services (as opposed to merely communicating by email) include this information or a link to it.
4.4 If electronic trading is carried out (very unlikely in the present context), suppliers must provide a description of:
(i) the technical steps required to enter into the contract;
(ii) how customers may correct any inputting errors; and
(iii) how customers can access and store the terms of the contract made.
5.0 Email can present problems because it can arrive unseen by other members of staff. Arrangements should be made to check incoming emails where the recipient may be absent and automated "out of office" responses should be used where appropriate.
5.1 Most practice units print emails and file a copy in their paper records, although by doing so, evidence contained in the email header may be lost. The header usually includes a trail of the computers from which the email was sent, through which it has been routed, dates/times and other information. This information would be useful evidence in the event of a dispute. A paper print will not usually contain all of these details.
Consideration should also be given to electronic archiving and storage of significant and substantive emails (including emails that are subject to statutory retention periods) to retain this forensic evidence. Where applicable, record retention and destruction policies should apply to the storage and effective destruction of emails and other electronically stored information.
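The routing trail that paragraph 5.1 says a paper print loses can be read back from an electronically archived message. The following Python sketch is an added example, not part of the Society's guidance; the message, host names and addresses are constructed, and the set of fields assumed to appear on a printout is an assumption.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message (reserved example domains, documentation IP ranges).
RAW_EMAIL = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.7])
\tby mailstore.recipient.example with ESMTP id C3;
\tMon, 03 Mar 2014 10:15:09 +0000
Received: from relay.sender.example (relay.sender.example [198.51.100.20])
\tby mx.recipient.example with ESMTP id B2;
\tMon, 03 Mar 2014 10:15:07 +0000
Received: from desktop-12 (unknown [192.0.2.45])
\tby relay.sender.example with ESMTPSA id A1;
\tMon, 03 Mar 2014 10:15:02 +0000
From: A Solicitor <a.solicitor@sender.example>
To: B Solicitor <b.solicitor@recipient.example>
Subject: Undertaking re settlement
Date: Mon, 03 Mar 2014 10:15:01 +0000
Message-ID: <constructed-0001@sender.example>

Body text.
"""

PRINTED_FIELDS = ("From", "To", "Subject", "Date")  # assumption: typical printout

def routing_trail(raw):
    """Return Received hops, oldest first, as (from_host, by_host, aware datetime)."""
    msg = message_from_string(raw)
    hops = []
    # Each server prepends its own Received line, so reverse for chronological order.
    for value in reversed(msg.get_all("Received", [])):
        info, _, stamp = value.rpartition(";")   # timestamp follows the last ';'
        flat = " ".join(info.split())            # unfold the continuation lines
        m = re.search(r"from (\S+).*? by (\S+)", flat)
        when = parsedate_to_datetime(stamp.strip())
        hops.append((m.group(1) if m else None, m.group(2) if m else None, when))
    return hops

def lost_on_print(raw):
    """Header names present in the message but absent from a typical printed copy."""
    msg = message_from_string(raw)
    return sorted({name for name in msg.keys() if name not in PRINTED_FIELDS})

if __name__ == "__main__":
    for src, dst, when in routing_trail(RAW_EMAIL):
        print(f"{when.isoformat()}  {src} -> {dst}")
    print("Not on the printout:", lost_on_print(RAW_EMAIL))
```

Received lines written by servers outside the recipient's control can themselves be falsified, so the hops recorded by the practice unit's own mail servers carry the most evidential weight.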
5.2 Where some correspondence about a matter is stored electronically and the rest is on paper, practice units should ensure that none of the material will be overlooked if responsibility for a matter is transferred (perhaps temporarily). Practice units should also be confident that they know what information their systems record. If not, an audit may be appropriate.
5.3 Practice units should note the risk of filtering out legitimate client correspondence using spam filters. If practice units use spam filters they should warn clients not to assume that every email sent by or to them will be received. They should explain that important communications should always be followed up with a phone call, fax or printed copy by post.
5.4 Practice units who are themselves considering email marketing campaigns should familiarise themselves with the requirements of the law on the matter and also consider relevant professional rules of conduct. Electronic marketing includes not only email but also text messages, faxes and other electronic means of communication. Usually express consent must be obtained from the recipient, although there can be limited exemptions for existing clients. The relevant legislation includes the Privacy and Electronic Communications (EC Directive) Regulations 2003 (as amended) and useful guidance on the practical implications of these Regulations and the DPA on email marketing may be found on the ICO website.
5.5 Care should be taken using "Reply All" given that this may, with certain email systems, include Bcc (Blind Courtesy Copy) parties who you cannot identify and who you or your client may not wish to see your response. The Society has also given some further thoughts in the Journal on emails sent in error.