DATA PROTECTION POLICY
9BR is required to comply with the law governing the management and storage of personal data, which is outlined in the General Data Protection Regulation 2016 (GDPR) and the Data Protection Act. For this reason, protection of personal data and respect for individual privacy is fundamental to the day-to-day operations of Chambers.
Compliance with the GDPR is overseen by the UK data protection regulator which is the Information Commissioner’s Office (ICO). This Chambers is accountable to the ICO for its data protection compliance.
This policy aims to protect and promote the data protection rights of individuals and of 9BR, by informing members and everyone working for and with Chambers, of their data protection obligations and of Chambers procedures that must be followed in order to ensure compliance with the GDPR.
This policy applies to all members, staff (including managers), consultants and any third party to whom this policy has been communicated.
This policy covers all personal data and special categories of personal data, processed on computers or stored in manual (paper based) files.
Kate Le Queux who is Chambers’ Administrator is responsible for monitoring 9BR’s compliance with this policy.
Everyone in 9BR (and any third party to whom this policy applies to) is responsible for ensuring that they comply with this policy. Failure to do so may result in disciplinary action.
DATA PROTECTION MANAGER (DPM)
Chambers has appointed Kate Le Queux as its Data Protection Manager (DPM). This is not a statutory role. Kate Le Queux’s responsibilities within this role include:
• Developing and implementing data protection policies and procedures;
• Arranging periodic data protection training for all staff and members which is appropriate to them;
• Acting as a point of contact for all colleagues, staff and Barristers on data protection matters;
• Monitoring 9 Bedford Row’s compliance with its data protection policy and procedures;
• Promoting a culture of data protection awareness;
• Assisting with investigations into data protection breaches and helping Chambers to learn from them;
• Advising on Data Protection Impact Assessments; and
• Liaising with the relevant supervisory authorities as necessary (i.e. the Information Commissioner’s Office in the UK).
The GDPR is designed to protect individuals and personal data which is held and processed about them by Chambers or other individuals.
The GDPR uses some key terms to refer to individuals, those processing personal data about individuals and types of data covered by the Regulation. These key terms are:
• Personal data Means any information relating to an identified and identifiable natural person (‘data subject’)
o This includes for example information from which a person can be identified, directly or indirectly, by reference to an identifier i.e. name; ID number; location data; online identifiers etc.
o It also includes information that identified the physical, physiological, genetic, mental, economic, cultural or social identity of a person.
o For 9 Bedford Row’s purposes, Barristers’ clients and staff are data subjects (other individual third parties concerning whom we hold personal data about are also likely to be data subjects).
• Controller Means the natural or legal person, public authority, agency or other body who alone or jointly with others, determines the purposes and means of processing the personal data. In effect, this means the controller is the individual, organisation or other body that decides how personal data will be collected and used. For 9BR’s purposes, this Chambers is a data controller for certain categories of data.
• Processing Means any operation which is performed on personal data such as: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
For 9BR’s purposes, everything that we do with client information (and personal information of third parties) is ‘processing’ as defined by the GDPR. This processing will often be in the capacity as a Data Processor on behalf of a Barrister as a Data Controller.
• Special categories Means personal data revealing:
o of personal data
o racial or ethnic origin;
o political opinions;
o religious or philosophical beliefs;
o trade-union membership;
o the processing of genetic data or biometric data for the purpose of uniquely identifying a natural person;
o data concerning health or data concerning a natural person's sex life or sexual orientation
N.B. data relating to criminal convictions and offences is not included within the special categories. However, there are additional provisions for processing this type of data (see Regulation 10 of GDPR)
Data Protection Principles
The GDPR is based around 8 principles which are the starting point to ensure compliance with the Regulation. Everybody working in for and with 9BR must adhere to these principles in performing their day-to-day duties. The principles require 9BR to ensure that all personal data and sensitive personal data are:
(a) Processed lawfully, fairly and in a transparent manner in relation to the subject (‘lawfulness, fairness and transparency’)
(b) Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (‘purpose limitation’)
(c) Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’)
(d) Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’)
(e) Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which personal data are processed (‘storage limitation’). Chambers data retention policy is 7 years, after which personal data will be erased.
(f) Processed in a manner that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage using appropriate technical or organisational measures (‘integrity and confidentiality’)
9BR must be able to demonstrate its compliance with (a) – (f) above (‘accountability’).
Processing personal data and sensitive personal data
You must process all personal data in a manner that is compliant with the GDPR, in short, this means you must:
• have legitimate grounds for collecting and using the personal data;
• not use the data in ways that have unjustified adverse effects on the individuals concerned;
• be transparent about how you intend to use the data, and give individuals appropriate privacy notices when collecting their personal data;
• handle people’s personal data only in ways they would reasonably expect; and
• make sure you do not do anything unlawful with the data.
You must ensure that you are aware of the difference between personal data and special categories of personal data and ensure that both types of data are processed in accordance with the GDPR.
The conditions for processing special categories of personal data that are most relevant to our Chambers are:
• Explicit consent from the data subject;
• The processing is at the instruction of a Barrister who is the Data Controller of that personal data;
• The processing is necessary for the purposes of carrying out 9BR’s obligations in respect of employment and social security and social protection law;
• The processing is necessary to protect the vital interests of the data subject or another person;
• The processing relates to personal data that has already been made public by the data subject; or
• The processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
If you have any concerns about processing personal data, please contact Kate Le Queux, Chambers Administrator, who will be happy to discuss matters with you.
Rights of the data subject
The GDPR gives rights to individuals in respect of the personal data that any organisations hold about them. Everybody working for 9BR must be familiar with these rights and adhere to Chambers’ procedures to uphold these rights.
These rights include:
• Right of information and access to confirm details about the personal data that is being processed about them and to obtain a copy;
• Right to rectification of any inaccurate personal data;
• Right to erasure of personal data held about them (in certain circumstances);
• Right to restriction on the use of personal data held about them (in certain circumstances);
• Right to portability – right to receive data processed by automated means and have it transferred to another data controller;
• Right to object to the processing of their personal data.
If anybody receives a request from a data subject (a client or other third party concerning whom we hold personal data) to exercise any of these rights, the request must be referred to Kate Le Queux immediately or to Martin Secrett, Chambers Director in his absence.
Note: we only have one month to respond to a request to access a copy of personal data.
Confidentiality and data sharing
The barristers and Chambers must ensure that they only shares personal information with other individuals or organisations only where they are permitted to do so in accordance with data protection law.
Wherever, possible you should ensure that you have the client’s (or other data subject’s) consent before sharing their personal data, although, it is accepted that this will not be possible in all circumstances, for example if the disclosure is required by law.
Any further questions around data sharing should be directed to Kate Le Queux, Chambers Administrator.
Data Protection Impact Assessments (DPIAs)
DPIAs are required to identify data protection risks; assess the impact of these risks; and determine appropriate action to prevent or mitigate the impact of these risks, when introducing, or making significant changes to, systems or projects involving the processing of personal data.
In simpler terms, this means thinking about whether 9BR is likely to breach the GDPR and what the consequences might be, if Chambers uses personal data in a particular way. It is also about deciding whether there is anything that Chambers can do to stop or, at least or minimise the chances of any of the potential problems identified, from happening.
DPIAs will be undertaken by the DPM or designated members of staff.
A data protection breach is defined as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed”.
Everybody working in, for and with 9BR has a duty to report any actual or suspected data protection breach without delay to their line manager and Data Protection Manager. Full details of the Chambers’ breach reporting policy can be found here. (Breach reporting Policy).
Breaches must be reported to the Information Commissioner’s Office (ICO), Kate Le Queux or the Chambers Director without undue delay and, where feasible, not later than 72 hours after having become aware of the breach, unless, 9BR is able to demonstrate that the personal data breach is unlikely to result in a risk to the rights and freedoms of data subjects.
Kate Le Queux, Chambers Administrator, will maintain a central register of the details of any data protection breaches.
Complaints relating to breaches of the GDPR and/ or complaints that an individual’s personal data is not being processed in line with the data protection principles should be referred to Kate Le Queux, Chambers Administrator without delay.
New Contractual Terms
The Code of Conduct now provides that, with effect from 31 January 2013, barristers are obliged under the Cab Rank Rule to accept instructions which are offered either (a) on the Standard Contractual Terms for the Supply of Legal Services to Authorised Persons annexed to the Code (“the Bar Council Terms”) or (b) on terms which a barrister or the barrister’s chambers have published as the barrister’s standard terms of work.
At 9BR the barristers’ published standard terms of work are the terms agreed between The Commercial Bar Association (Combar) and the City of London Law Society (“the Combar/CLLS Terms”).
Accordingly, with effect from 31 January 2013, barristers at 9BR are obliged under the Cab Rank Rule to accept instructions which are offered (a) on the Bar Council Terms or (b) on the Combar/CLLS Terms.
Barristers at 9BR will, of course, consider alternative terms of engagement, or variations to the published Terms; but they are not obliged under the Cab Rank Rule to accept instructions on such terms. It should also be noted that barristers at 9BR will not be applying the new contractual terms as a matter of routine to each and every new instruction, so neither the Bar Council Terms nor the Combar/CLLS Terms should be viewed as default terms.
Where the Combar/CLLS Terms are to be used to provide the barrister’s services, this may be achieved by the solicitor and the barrister completing the front sheet of the Terms and signing it. Alternatively, it may be achieved by an email exchange confirming that the barrister and the solicitor intend to be bound by a contract incorporating the Terms, and setting out the information required by the front sheet of the Terms, together with any amendments agreed. A barrister's clerk has authority for these purposes to enter into an agreement incorporating the Terms on behalf of a barrister.
If you have any questions or queries in relation to the implementation or application of the new contractual terms, then please contact Paul Outen, the Senior Clerk, on +44 (0)20 7 489 2727 or via e-mail to email@example.com.
Client Care Policy
- 9BR is committed to flexibility, fairness and openness and, in appropriate cases, happy to either estimate or agree fees prior to work being undertaken.
- Where the brief is for advice/opinion a written reply will be given within 15 working days unless agreed otherwise. If an extension to this time is required, the client will be advised by telephone by the Barrister or his Clerk and a new reporting date agreed.
- The Client will be advised promptly of the outcome of court appearances and of the next stage in the case.
- A conflict of interest check will be carried out by the Clerks Room upon receipt of a brief and alternative arrangements made, including the transfer to another Chambers if required.
- If a brief needs to be reallocated due to factors beyond Chambers' control, then the professional client will be advised by telephone at the earliest opportunity and the brief reallocated to a barrister of equal standing and experience, but not without the prior agreement of the professional client.
- Standard matter fee invoices will are issued promptly after the end of a case or an agreed stage of the case, usually be within 5 working days.
Papers are returned to the professional client after the completion of the case - usually within 10 working days.
Basis of Fees
In advance of undertaking any work, a cost estimate will be povided - unless fixed fees are already in place. If it is not possible to estimate the final figure that will be charged for a specific item of work, an indication will be given as to the basis on which the fee will be calculated (for instance, an hourly rate or an agreed figure which will not be exceeded without further discussion with the client).
Where Counsel is instructed under a publicly funded certificate we will require a copy of the certificate or in the case of unassigned criminal magistrates work, the Unique File Number as Counsel are now obliged to ensure that his/her work is covered by the terms of a certificate.
In cases where a brief fee and/or refreshers are estimated, not agreed, the fee will include a rough estimate of preparation time, conferences, days in court, the involvement of other counsel and so on.
For other work such as written advices, opinions, views of a locus etc an hourly charging rate can be agreed where it is not possible to provide a fixed time estimate in advance of the work being undertaken.
Chambers Complaints Procedure
Our aim is to provide you with a good quality service at all times. However, in the event that you do have a complaint please let us know at the earliest opportunity so that we may take immediate steps to deal with any difficulties that you may be experiencing. Chambers has a full and comprehensive complaints procedure which follows the guidelines set out in Barmark.
A copy of Chambers complaints procedure can be obtained on request from the Senior Clerk either by telephone or in writing, at any time, and can be viewed here.
9BR Chambers has as one of its objectives the aim "To provide an excellent legal service to its clients in the area of criminal law". To this end, these Chambers and its barristers accept and discharge their responsibility to ensure that the needs, concerns and interests of our clients are constantly kept in view, and addressed. Please click here to download our client feedback form.