
Is encryption of emails a legal requirement?

I am the firm’s COLP and am concerned about sensitive information about clients being sent by email. Is encryption of emails a legal requirement?

There is no legal requirement to encrypt data. However, failure to do so in appropriate circumstances may lead to breaches of data compliance and confidentiality pursuant to the Data Protection Act 1998 and Outcome 7.5 of the SRA Code of Conduct 2011.

Encryption is one of the methods firms can adopt to secure data, particularly for email, as personal data and sensitive information may be disclosed when an email is sent to an incorrect recipient. Firms should have a policy governing the use of encryption, particularly when sending emails which contain sensitive personal data or financial information. The Information Commissioner may take regulatory action in cases where a lack of encryption has led to a loss of data.

The Information Commissioner has published a guide on encryption.

See more Law Society information and tips to protect your firm from scams.

Have you got a practice question? Call the Practice Advice Service on 020 7320 5675.


Disclaimer: While every effort has been made to ensure the accuracy of the information in this article, it does not constitute legal advice and cannot be relied upon as such. The Law Society does not accept any responsibility for liabilities arising as a result of reliance upon the information given.
