There is no legal requirement to encrypt data. However, failure to do so in appropriate circumstances may lead to breaches of data compliance and confidentiality pursuant to the Data Protection Act 1998 and Outcome 7.5 of the SRA Code of Conduct 2011.
Encryption is one of the methods firms can adopt to secure data, particularly for email, as personal data and sensitive information may be disclosed when an email is sent to an incorrect recipient. Firms should have a policy governing the use of encryption, particularly when sending emails that contain sensitive personal data or financial information. The Information Commissioner may take regulatory action in cases where a lack of encryption has led to a loss of data.
The Information Commissioner has published a guide on encryption.
Disclaimer: While every effort has been made to ensure the accuracy of the information in this article, it does not constitute legal advice and cannot be relied upon as such. The Law Society does not accept any responsibility for liabilities arising as a result of reliance upon the information given.
Have you got a practice question? Call the Practice Advice Service on 020 7320 5675 or email email@example.com
The Practice Advice Service is staffed Monday to Friday from 9am to 5pm.