The Law Society erroneously advised firms to delete client data if they didn't obtain fresh consent to keep it.
The Law Society was attempting to advise members about the steps they should take to comply with GDPR, the glorious new data regime that's requiring companies to beg for permission to keep sending junk. Only the Law Society took it a bit far, and told firms in emails and a PDF advice booklet that they were under an obligation to seek consent just to hold client data.
"Regardless of when you initially received consent from a client or any other individual (yesterday or 10 years ago)", advised the Law Society, "you must gather explicit consent again from all parties to hold and process their data".
It continued, "Start amending or deleting the records of individuals who have either denied consent or have not responded by the deadline you have given”.
A bonfire of client files would make a wonderful spectacle and give everyone in the office a fresh start feeling. But GDPR actually does not require a firm to to seek consent to hold information on people, only to contact them to explain the firm's data protection policy (and even the extent of that requirement is debatable).
There are reports that the misguided advice created confusion. Bernard George, the director of legal training provider Socrates, said “We had lots of reaction to our bulletin from firms, saying they had been staring at the LS guidance in bafflement”. The top tips from the Law Society, which lost a case brought by Socrates last year, was “disastrously wrong”, George told RollOnFriday. “You would be mad to start deleting client records just because people do not respond to a misguided request for consent”.
The Law Society has now removed its hardline interpretation of the GDPR requirements from its website. A spokesman said, “The Law Society moved very quickly to correct a recent email about GDPR. We apologise for our error and have re-contacted the people who received the communication with the mistake corrected”. Rather marvellously, it means the Law Society has sent two emails, one wrong and one a retraction, in response to regulations intended among other things to cut down unwanted emails.
Tip Off ROF
The Law Society was attempting to advise members about the steps they should take to comply with GDPR, the glorious new data regime that's requiring companies to beg for permission to keep sending junk. Only the Law Society took it a bit far, and told firms in emails and a PDF advice booklet that they were under an obligation to seek consent just to hold client data.
"Regardless of when you initially received consent from a client or any other individual (yesterday or 10 years ago)", advised the Law Society, "you must gather explicit consent again from all parties to hold and process their data".
It continued, "Start amending or deleting the records of individuals who have either denied consent or have not responded by the deadline you have given”.
"Hang on everyone. The Law Society would like to recall the message, 'Burn the outsider'." |
A bonfire of client files would make a wonderful spectacle and give everyone in the office a fresh start feeling. But GDPR actually does not require a firm to to seek consent to hold information on people, only to contact them to explain the firm's data protection policy (and even the extent of that requirement is debatable).
There are reports that the misguided advice created confusion. Bernard George, the director of legal training provider Socrates, said “We had lots of reaction to our bulletin from firms, saying they had been staring at the LS guidance in bafflement”. The top tips from the Law Society, which lost a case brought by Socrates last year, was “disastrously wrong”, George told RollOnFriday. “You would be mad to start deleting client records just because people do not respond to a misguided request for consent”.
The Law Society has now removed its hardline interpretation of the GDPR requirements from its website. A spokesman said, “The Law Society moved very quickly to correct a recent email about GDPR. We apologise for our error and have re-contacted the people who received the communication with the mistake corrected”. Rather marvellously, it means the Law Society has sent two emails, one wrong and one a retraction, in response to regulations intended among other things to cut down unwanted emails.
Comments
377
404
351
427
403
368
Of concern for the wider profession is the fitness of the Law Society to represent it in the public sphere if it keeps making these basic mistakes.
372
385
395
375
392
387
371
382
25/05/2018 10:13
Rate it
10
Report as offensive
What a glorious institution fit for the modern age the LS is. Aren't we all glad that it doesn't regulate us anymore. Oh, hang on...
The Law Society doesn't regulate anyone. That's the SRA.
362
402