Email Guidelines for the Bar
Important Note
The Bar Council Email Guidelines are intended to assist barristers to achieve good practice in relation to email. At points, they refer to duties which exist in professional conduct. However, the Guidelines do not create, or extend or define the scope of, any duties of professional conduct. To determine the conduct requirements in relation to any issue described in the Guidelines, reference should be made to the relevant rules and principles of professional conduct and not to these Guidelines.
Acknowledgement
The Bar Council email Guidelines are substantially based on those adopted by the Law Society which in turn worked with the Bar in drafting its own March 2004 guidelines.
1. Introduction
1.1 Email is the most popular application on the Internet. About 15 billion emails are sent every day and the number is growing. The benefits to businesses and individuals are incalculable.
1.2 Email has also exposed businesses, including barristers and their chambers, to new risks. These include the risk of non-compliance with various statutory requirements (for example, data protection legislation) and threats to the security of IT systems. Most viruses are distributed via email.
2. Aim
2.1 The aim of these guidelines is to assist barristers and their chambers in the use of email.
2.2 Where barristers or chambers are not prepared to accept instructions by email then this should be made clear. In addition, should chambers not accept initial instructions by email, then it is for each member to determine whether or not to receive further instructions by this method. In any event, it is important that chambers consider having a written email policy; it will help to ensure the proper management and supervision of chambers, including compliance with rules of professional conduct and statutory requirements.
2.3 A draft model email policy which chambers can tailor to their requirements is set out in Annex A. Guidance on email security is offered in Annex B.
3. Professional Conduct
Confidential and Legally Privileged Correspondence
3.1 Barristers' advices, opinions and professional correspondence are generally confidential and may attract legal professional privilege. Many barristers and chambers already include a warning to this effect in fax messages because of the risk that these will be sent to the wrong person by mistake. Chambers should consider adopting similar confidentiality warnings for email.
3.2 While automated confidentiality warnings are unlikely to impose any legally binding duty on an unintended recipient, many recipients may be expected to heed them, and the warnings may therefore help prevent a mistake from causing loss.
3.3 A typical form of words is:
"Information in this message is confidential and may be legally privileged. If you are not the intended recipient, please notify the sender, and please delete the message from your system immediately."
3.4 Email servers can be configured to add a warning to all outgoing email. Alternatively, a warning could form part of a signature block. Automatic inclusion of a warning is recommended.
3.5 Alternatively, barristers and chambers could prepare a template for use as and when needed.
Emails can be forwarded from the chambers system, thus enabling a barrister to collect their emails outside the chambers domain. Should a barrister have their emails forwarded in this way, they should be aware of the security implications that arise.
Timely Response
3.6 A barrister should deal promptly with communications relating to instructions. Chambers already know how to handle incoming letters, faxes and telephone calls in the absence of a barrister on holiday or on circuit. Email presents new problems because it can arrive unseen.
3.7 Where a barrister uses the chambers email address, arrangements should be made to check incoming emails during periods of extended or prolonged absence.
3.8 Barristers and chambers should consider using automated out-of-office responses when they or their staff are away from chambers for a day or more.
3.9 Where possible, an automated out-of-office message should be sent only once to any email correspondent (most email systems allow this).
Records
3.10 Barristers and chambers should take a pragmatic and common-sense approach to records of emails. That is, significant and substantive emails (including emails that are subject to statutory retention periods) should be printed and stored, but those that are ephemeral can be left to expire from electronic storage in the ordinary course of events. Consideration should be given to retaining email in electronic format, because the metadata is not included in the printed version. It is relatively easy to create fraudulent emails, or alter emails after they have been sent, and for this reason it may be considered prudent to retain such valuable metadata in certain circumstances.
In the light of the provisions of the Fifth Principle of the Data Protection Act, care should be taken when deciding to retain emails and any attachments containing personal data. Careful consideration should be given to the nature of the emails and attachments that are to be retained, and those that are deleted or left to expire from storage.
3.11 Where some correspondence about a matter is stored electronically and the rest is on paper, barristers and chambers should ensure that none of the material will be overlooked if the brief is transferred (perhaps temporarily).
Barristers should be aware of the need to provide for the appropriate security of their email correspondence and any attachments, in the same way as they are expected to take reasonable precautions to provide for the security of their computers and any other means of communication they use when dealing with the affairs of a client. Further, consideration should be given to backing up the email correspondence at regular intervals.
4. The Data Protection Act 1998 (the DPA)
4.1 The Information Commissioner (www.informationcommissioner.gov.uk) maintains a public register of data controllers and data controllers must notify the Information Commissioner of certain registrable particulars.
4.2 Barristers will generally be required to notify as data controllers under the DPA. Separate guidance has been issued about the DPA.
4.3 Emails containing personal data must be processed in accordance with the principles of the DPA. These include a requirement to process personal data fairly and lawfully (i.e. explaining the purposes of the processing and who might see the data, unless it is obvious), for personal information not to be kept for longer than is necessary (Principle 5) and for personal information to be kept secure (Principle 7).
4.4 Data controllers are also required to meet one or more statutory conditions for processing. The conditions include consent. Data subjects are generally entitled to request and receive a copy of the personal data held on them by data controllers. This can include personal data in emails including some 'deleted' emails but a mere mention of someone in passing in an email will probably not be personal data.
4.5 The Information Commissioner's website contains guidance particularly on the Court of Appeal's decision in Durant v The Financial Services Authority [2003] EWCA Civ 1746 which contains detailed guidance on the meaning of 'personal data'.
4.6 Special rules apply to personal data relating to offences, disclosures made in connection with legal proceedings, and to processing for the purpose of obtaining legal advice or for establishing, exercising or defending legal rights. Barristers should seek guidance from the Bar Council if in doubt.
5. Unsolicited Bulk Commercial Email (Spam)
5.1 Spam and bulk mail is an irritant that adversely affects email systems and often causes a negative impression on professional clients and the general public. Barristers and chambers are not encouraged to use such systems.
5.2 Barristers or chambers who are considering email marketing campaigns should familiarise themselves with the requirements of the DPA, the Electronic Commerce (EC Directive) Regulations 2002, SI 2002 No.2013, the Distance Selling Directive (Directive 97/7/EC) and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
5.3 Guidance on the latter (which has special rules for unsolicited direct marketing by email) was published on the Information Commissioner's website in November 2003.
5.4 Barristers and chambers must also consider relevant professional rules of conduct.
6. Review and Ownership
6.1 These guidelines are prepared for the Bar Council by the Bar Council’s IT Panel and will be reviewed annually by the IT Panel each September.
6.2 The Bar Council welcomes feedback: the point of contact for this document is –
Helen Minkoff
Secretary to the Bar Council IT Panel
289-293 High Holborn
London
WC1V 7HZ
Email: HMinkoff@Barcouncil.org.uk
Note:
If you are a criminal practitioner, and communicate regularly with any of seven core Criminal Justice Organisations (CJOs) – Police, Probation, CPS, Crown Courts, Magistrates’ Courts, Prisons and the Youth Justice Board – and Criminal Justice IT (CJIT); or you communicate with private defence solicitors or the Criminal Defence Service by email, you should seriously consider joining the CJIT secure email system which allows secure and encrypted communication between all of these organisations. Before long this will be the required method of email communication for criminal justice practitioners. For further information log on to the CJIT Secure email website at www.cjit.gov.uk/secure_email_faq.html or email secureemail.queries@cjit.gsi.gov.uk for specific enquiries. Alternatively, CJIT’s helpline number is 0870 010 8535.
ANNEX A
Sample Chambers Email Policy
Important Note
This is a generic policy on the use of information technology. It should not be used before being reviewed and amended to cover the specific circumstances of any particular chambers.
The policy refers to other policies which chambers should have in place (e.g. anti-harassment policy).
The policy does not cover disciplinary procedures which might arise as a result of breach of the policy, which should be added to this policy or dealt with separately.
This policy was drafted in November 2004. The laws affecting email and internet usage and market best practice (e.g. security standards) are in a state of flux. Chambers should regularly review their email policy to take account of legislative change and developments in best practice.
The Bar Council welcomes feedback on the sample policy: the point of contact for this document is –
Helen Minkoff
Secretary to the Bar Council IT Panel
289-293 High Holborn
London
WC1V 7HZ
Email: HMinkoff@Barcouncil.org.uk
[Name of Chambers]
Policy on the use of Chambers IT Systems
Introduction
The purpose of this policy is to provide a short guide to the rules that chambers require to be observed by users of its Information Technology (IT) systems. By IT systems, we mean telephones, computers including (without limitation) PDAs and other telecommunications equipment.
This policy is intended to contain guidance on the conduct of members of chambers and of chambers’ clerks and staff. All are expected to exercise professional judgement at all times.
Comments on the policy are welcome; they, together with any requests for clarification, should be addressed to [insert position].
Security
All members of chambers and staff are responsible for the security of the IT terminal(s) allocated to them, and must not allow them to be used by another person unless permitted by this policy.
Passwords are unique to each user, and must not be made available to any other member of staff unless authorised by [insert position].
Inappropriate Use of Chambers’ Equipment and IT Systems
Access is granted to the World Wide Web, and to other chambers’ systems, only for legitimate business purposes. Incidental personal use is permissible provided it is in full compliance with chambers’ rules, policies and procedures, such as this policy and its Equal Opportunities Policy, its Anti-Harassment Policy, its disciplinary rules, [and insert any other relevant policies].
Under no circumstances should chambers’ equipment or IT systems be used to send, receive, browse, download or store material which may be illegal, offensive or cause embarrassment to others. This includes (without limitation) the use of systems to send, receive, obtain access to, download or store pornographic material and material which is racially or sexually offensive.
Personal Use of Chambers Facilities
The minimal use of chambers' IT facilities by chambers’ staff to send personal email or to browse the World Wide Web is acceptable provided that:
(i) the usage is minimal and takes place substantially out of normal working hours;
(ii) whenever it takes place, the usage does not interfere with client or office commitments;
(iii) the usage does not commit chambers to any marginal costs (at present the marginal cost of sending or browsing the web may be taken to be zero); and
(iv) the usage complies with chambers' policies.
This policy on personal use is designed to be liberal, but its continuance is, of course, dependent upon its not being abused or overused and may be withdrawn or amended.
Emails Generally
Take care in what you say in email messages. Improper statements can give rise to personal or client liability. Work on the assumption that email messages may be read by others, and do not include in your emails anything which would offend or embarrass any such reader, or would embarrass chambers if it found its way to the public domain.
Specifically:
(i) Never send abusive, obscene, sexist, racist, harassing or defamatory messages. If you receive such a message, do not forward it to anyone. Report it to [insert position].
If a recipient asks you to stop sending them personal messages then always immediately stop. Please take note of chambers’ Anti-Harassment Policy.
(ii) If your system permits email name changing, do not in any event send messages from another member of staff’s computer under a name other than your own name (although clerks are permitted to send emails in their own name on behalf of any members of chambers if instructed to do so by him or her provided that they use the email tool which automatically states at the top of the email that it is sent on behalf of the relevant barrister).
(iii) Never send confidential messages by email without getting the recipient’s agreement.
(iv) Never open an email attachment from an unexpected or untrustworthy source or if, for any reason, it appears 'suspicious' (for example, if it ends in .exe or .pif). Most viruses are propagated by email. If you suspect that a virus has infected your computer inform [insert position].
(v) Remember that email messages can be documents which are disclosed in legal or costs proceedings if relevant to the issues unless protected by privilege. Therefore, always exercise the same caution in what you say in emails as you would in more formal correspondence.
(vi) Never send or forward private emails at work which you would not want a third party to read.
(vii) Do not create email congestion by sending trivial messages or unnecessarily copying emails to those who do not have a real need to have them.
(viii) Do not send or forward “chain-mail” emails as they have a propensity to over-load the system.
(ix) Do not advertise by email except in accordance with the relevant regulations.
(x) Always remember that text, music and other content on the Internet are copyright works. Never download or email such content to others unless you are certain that the owner of such works allows this.
(xi) If sending important information or work by email, always obtain confirmation of receipt (either by requesting a reply to your email, or by following up with a telephone call).
(xii) Never agree to terms or enter into contractual commitments or make representations by email without having obtained proper authority. Remember, when you type your name at the end of an email, this act is just as much a signature as if you had signed it personally.
(xiii) Chambers reserves the right on notice to monitor staff emails to ensure compliance with this policy and the requirements of the law, the Bar Council and data protection.
External Emails
Never send strictly confidential messages via the Internet, or by other means of external communication which are known not to be secure. If you send advices or opinions by email, you are responsible if they are incorrectly addressed or delivered to the wrong mailbox.
If requested to forward information over the Internet, or you send work by email, make sure that your instructing solicitor knows that it is not totally secure and is willing to accept that risk.
The World Wide Web
The component parts of web pages are routinely stored on the “viewing computer” in order to improve access times should the site be re-visited. This is called “caching” web pages. It is therefore highly likely that images etc. (whether in fact viewed or not) will remain on the computer used to access the site. If the images are inappropriate then this could lead to embarrassment to chambers. Further, it should be noted that the cached items may remain on the system for a considerable period of time after the item is placed there.
It should also be pointed out that if you visit a site, you may well receive, perhaps unwittingly, a “calling card” (called a “cookie”) which may enable the site owner to work out who has visited. These cookies can also be used to discover the pages which the viewer has been on prior to the site owner’s page.
If the web site is an inappropriate one, that calling card could embarrass chambers. If you access, download, store or forward inappropriate material others might be offended.
In some cases you may be committing a criminal offence if, for example, the material is pornographic in nature.
There have additionally been recent security alerts over the use of “rogue code” in web pages that can be used to infect the viewing computer. Such code is more usually to be found in the less reputable sites on the internet which will also be those more likely to cause embarrassment to Chambers if it is discovered that they have been accessed.
You should cross refer to chambers’ Anti-Harassment Policy. For these reasons, you should adhere to the following policies:
(i) See the rules on personal use referred to above.
(ii) Do not access from chambers’ system any web page which, on the widest meaning of those terms, could be regarded as illegal, offensive, in bad taste or immoral. This definition is intended to be interpreted very widely: content may be perfectly legal in the UK yet in sufficient bad taste to fall within this prohibition. Sometimes the content may be against the law. As a general rule, if any person within chambers (whether intended to view the page or not) might be offended by the contents of a page, or if the fact that chambers’ software has accessed the page might embarrass chambers if made public, then it may not be viewed.
(iii) The same rule applies to any files (whether documents, images or other) downloaded from the web.
Security - Home Software
Security issues encompass the need to ensure that chambers is protected both against misuse of others’ copyright material, for example by loading onto office machines programs that are not properly licensed; and against computer viruses, for example by loading onto chambers machines programs or files which have not been properly virus checked. Accordingly, you may not load onto office machines any software not provided by chambers without the permission of [insert position].
Review
This policy will be reviewed periodically.
ANNEX B
EMAIL SECURITY
1. It is often said that the Internet is inherently insecure. In fact, Internet applications like email can be used in both secure and insecure ways. Consideration should be given to the security features available to you and, particularly where you are processing personal data, you should be careful to take appropriate technical and organisational measures to ensure that your email communications are safeguarded.
2. Bear in mind that messages may pass through the hands of unregulated service providers; the networks used by the Internet are vulnerable to hacking; and governments can undertake interception on a substantial scale.
3. The most likely cause of confidential information in an email being received by an unintended recipient is human error: the sender typing in the wrong email address. Less likely, but still technically possible, is the risk of an email message being accidentally misrouted to the wrong recipient or intercepted intentionally by a third party. Barristers and chambers that carelessly expose sensitive communications to these risks may be liable for breach of professional conduct rules for breaching client confidentiality. They may also be exposed to civil claims for breach of confidence.
4. The internal threats are, generally, greater than the external threats. A disgruntled former member of staff may deliberately abuse his or her access. Systems administrators and other IT staff employed by, or contracted to, a chambers are in a particularly privileged position as regards access to confidential material. They should all be carefully vetted before being taken on, which is a requirement of the Data Protection Act 1998. Encryption of sensitive documents may be necessary to prevent technical support staff accessing them. Ensure that technical staff do not have a back-door route to access (by logging on as a user for example).
5. Although the threat of a successful and serious external breach of system security or interception of emails by a third party is not as high as the risk of an internal security breach, the number of attacks is rising. The vulnerability of systems with 'always-on' (broadband) connection to the Internet is far greater than systems with dial-up access. On average, it typically takes less than an hour from first connection for an 'always-on' system to be attacked. Such systems should be protected with properly configured firewalls.
6. External threats include the activities of hackers, who seek to obtain access to systems and networks; attacks on web sites, appropriating content from your web site; attacks on your image or brand by defacing or altering the web site; and denial of service attacks.
7. Chambers are recommended to adopt systems that:
(a) provide the facility for retrieving (and automatically decrypting) encrypted incoming mail; and
(b) automatically encrypt all outgoing email to those offering similar facilities.
8. Chambers should keep private cryptographic keys securely under their own control and have a key management policy. They should not rely on the use of encrypted communication links for which service providers control the cryptographic keys.
9. Chambers should be aware that encryption software using strong cryptography is widely available.
10. Email can bring viruses and malicious software into chambers’ systems. As well as damaging those systems and interfering with service to clients, such viruses and software can distribute confidential information or allow unauthorised access to it.
11. Chambers should maintain up-to-date technical precautions against such risks and ensure that users are alert to the importance of complying with associated procedures.
12. Measures that may be taken in order to manage the security risks include conducting regular inspections of employee email logs for breaches of security, the logging of access to the private areas of chambers’ networks and communicating chambers’ policies to all staff by way of an IT usage policy.
13. Implementing and enforcing an IT usage policy which is drafted to be consistent with industry best practice will also help to mitigate the risk of successful claims being brought against chambers for breaches of confidence committed by their staff.
14. Chambers should ensure that all relevant devices including laptops, PDAs and home computers used for business-related work are brought within the scope of their IT and email security policies.
