Confidential client information stored in the ‘cloud’ could be accessed by US authorities, the Bar Council has warned.
The IT Panel issued advice in February to help ensure practitioners do not inadvertently infringe the Data Protection Act.
It explains that a combination of the US Patriot Act and other US laws confer powers on the American security services to access personal information stored on facilities provided by US persons or companies, without the knowledge or consent of their customers.
This occurs when the information is stored on computers owned directly or indirectly by US corporations, for example: where case files, emails and accounts are stored on cloud services; where files and administrative software is hosted externally as part of chambers’ back-up or disaster recovery plan; and where chambers use other miscellaneous IT services. Such information may be inadvertently disclosed to the US authorities.
Barristers were warned to check where legally privileged and confidential information is stored, whether any company which stores professional information has US parentage, and if they could be subject to the provisions of the US Patriot Act, and to consider encrypting access to data placed on external servers.
Jacqueline Reid, Chair of the Bar Council IT Panel, said US laws confer considerable surveillance powers on US authorities.
‘Barristers routinely retain legally privileged information relating to their clients, and they should be aware that these surveillance powers can place the confidentiality and security of this highly confidential information at risk.’