Law Society issues guidance on data retention

Eoin Molloy (Content Editor) Ireland

February 13, 2019

On Tuesday 5 February, the Law Society of Ireland issued a new Practice Note entitled: 'Data retention and destruction of paper and electronic files'. This follows on from a 2005 note in the same area, repeating and revising guidance in relation to best practice cyber-security procedures as they pertain to solicitors and barristers. 

Following the implementation of GDPR last May, data - and the collection and retention thereof - has been elevated to a position of special importance for most practitioners, given that solicitors and barristers will undoubtedly be classified as 'data controllers' for the purposes of the regulation. Therefore, it is paramount that practitioners remain cognisant of their obligations under the GDPR.

The new Practice Note advises solicitors to draft a data retention policy and states:

'A solicitor is not required to retain a file indefinitely. At the start of a matter it is worth explaining to your client that you operate a retention policy; this can be set out in your written terms and conditions. Clients can also be notified about a retention policy via an online privacy policy. Clients should be advised if they will be charged a search/retrieval fee for taking up files from storage

The Practice Note then goes on to advise solicitors of the recommended periods of retention, as laid out in the Law Society's Guide to Good Professional Conduct for Solicitors (3rd Edition), which provides for the following:

'In order to protect the interests of clients who may be sued by third parties and also to protect the interests of a solicitor's firm which may be sued by former clients or by third parties, a solicitor should ensure that all files, documents and other records are retained for appropriate periods. Appropriate periods refer to the relevant statutory period for the issue of legal proceedings. The table below is intended to provide general guidance to solicitors in assessing appropriate periods for retention.'

All files must be retained for a minimum period of seven years, broken down as six years for the limitation period and one year for service of proceedings. Mandatory retention periods do however vary based on the subject matter of the action. Conveyancing files for example must be retained for 13 years following completion and files pertaining to minors must be retained until the child reaches the age of majority.

All of this is subject to the proviso that no personal data ought to be retained for longer than is necessary, pursuant to the provisions of the GDPR. Once the period of mandatory retention has passed, all paper files should be shredded. The Law Society also recommends physically destroying hardware to ensure that electronic data has been safely gotten rid of. 

The Practice Note may be accessed in full here, and the table of mandatory retention periods may be accessed here. For more guidance on how GDPR affects your business or organisation, click here.

 

 


Note: This is not intended to be relied upon as legal advice. Any errors should be notified to the editor and will be dealt with accordingly.

 

 

 

Archives

2019

2018

2017

2016

2015

2014

2013

2012

2011