The Law Society, with substantial input from SCL and from members of the Bar, has established new guidelines for the use of e-mail. They are intended to assist solicitors to achieve good practice in relation to e-mail. In particular, they will assist those charged with responsibility for drawing up or approving a firm’s e-mail policy and the Guidelines offer annexes which contain a draft e-mail policy and guidance on e-mail security.
The Guidelines can be viewed on the SCL site.
Nigel Miller, Joint Chairman of SCL, commented:
“E-mail has replaced paper and fax as the preferred medium for written business communications. It is crucial that law firms promote good professional practice in the use of e-mail. I am delighted that the SCL and the Law Society have worked together to produce these e-mail guidelines which will assist law firms to manage risk and implement effective internal policies.”
Laurence Eastham writes:
It would be churlish to fail to acknowledge that the creation of a set of guidelines endorsed by the Law Society is a real and worthwhile achievement. I know that a great deal of hard work was involved and that complex competing interests would have made it difficult to specify leading-edge standards. For the record, whatever my view on the merits of encryption and the establishment of controls for electronic signatures, I acknowledge that complex requirements edging towards PKI standards would have merely served to bamboozle the majority of the target audience and led to that majority ignoring the guidelines completely. And of course these current guidelines need not be the final word; they can be a base on which to build more comprehensive guidance.
So I guess now I am about to seem churlish. While I welcome the guidelines, I confess that I am disappointed. The opening page includes a comment which put me on guard and suggested to me that too much allowance has been made for the “can’t be bothereds”: “It is important that firms consider having a written e-mail policy”. I cannot agree with that. It is not important that firms consider having a policy, it is vital that they actually have one. The current wording suggests that the job is done once consideration has been given to the matter and, while I do not suggest that the Law Society adopts my preferred wording (“You’re a bloody fool if you do not have an e-mail policy and your competence to do business in the 21st century may properly be called into question.”), they certainly need to beef the message up. Indeed subsequent paragraphs effectively show why it is vital as they explain that the duty to supervise and manage extends to supervision of staff e-mail communications and repeat the Information Commissioner’s advice that any form of monitoring requires a policy – in my book that means that there are only two options: no e-mail for staff or a policy. Since business practice is going to be nearly impossible without e-mail and the excellent draft policy means that little effort is required from firms, something close to insistence might have been an improvement.
The other area where I have serious doubts relates to attachments. The Guidelines give sound advice on the dangers posed by attachments in importing viruses into the firm’s system. But nothing is said about the dangers that arise from the storage, dispatch and even the manipulation of attachments. Of course much of this is just good housekeeping but it might have been a good time to remind solicitors that an e-mailed attachment might well reveal more in its metadata than they would want their client or other recipient to know and that there should always be a master printed version lest the unscrupulous alter the electronic version.