SRA Ethics Guidance: Client Confidentiality

30th January 2015 Business Crime

The Solicitors Regulation Authority recently issued ethics guidance on Protecting and Maintaining Client Confidentiality. The advice is not mandatory and is not part of the SRA Handbook, but the SRA may have regard to it if a regulated firm or person is called to account.

The Duty

Regulated firms and persons are obliged to protect their clients' confidential information. As a matter of common law and conduct, it is a fundamental to the relationship with a client and is one of the professional principles in section 1(3)(e) of the Legal Services Act 2007. The duty arises prior to the commencement of a formal retainer, after the end of the retainer and even after a client's death. All members of the firm or in-house practice owe a duty of confidentiality. Firms must therefore implement effective systems and controls to prevent and mitigate risks arising from the potential disclosure of information.

Confidentiality and Privilege

There is a distinction between a firm's duty of confidentiality and the concept of legal professional privilege. Legal professional privilege can only be waived by the client and not the firm. The firm should also be mindful of restrictions on the passing of confidential information in particular cases. Matters involving children are of particular importance. The duty of confidentiality to all clients must be reconciled with the duty of disclosure to clients.

Disclosure To Third Parties

Disclosure of confidential information is only permitted where the client genuinely consents to it and it is in their interests or is permitted by law. Consideration should be given to whether disclosure is essential to proceed with the relevant matter. When seeking consent, the firm should provide information to the client which explicitly sets out when, to whom and why information may be made available. Consent should not be assumed and the firm should consider might the purpose be achieved in other ways or should access be limited through, for example, confidentiality agreements? This is sometimes required by the Data Protection Act 1998.

The Objective

The overall objective is to ensure compliance with the most relevant SRA principles (3, 4 and 6)

3. not allow your independence to be compromised;

4. act in the best interests of each client; and

6. behave in a way that maintains the trust the public places in you and in the provision of legal services.

Regulated firms and persons need to achieve the Outcomes relating to conflict of interest (Chapter 3) and confidentiality and disclosure (Chapter 4). In particular:

  • you do not act if there is a client conflict, or a significant risk of a client conflict (O3.5) (unless the circumstances set out in O3.6 or O3.7 apply),
  • you keep the affairs of clients confidential unless disclosure is required or permitted by law or the client consents (O4.1); and,
  • you have effective systems and controls in place to enable you to identify risks to client confidentiality and to mitigate those risks (O4.5).


Evan Wright is a partner and solicitor specialising in professional regulatory cases. If you or your firm require the assistance of an SRA solicitor as part of an SRA investigation or SRA prosecution, please contact our team on 0345 872 6666 for a no-obligation discussion on how we can help you.

We're Social

Evan Wright is a Partner located in Manchester in our Business Crime & Regulation department

View other posts by Evan Wright

Let us contact you

View our Privacy Policy