Walkers & Partners | Criminal Lawyers Bristol | Data Protection Policy
 

Data Protection Policy

Walker & Partners Ltd – Data Protection Policy – May 2025 

Data protection policy

A data protection policy is in place and available to all staff, setting out the procedures that are in place. The data protection policy is kept in the Data Protection Policy Register. Martin Walker is the Data Protection Officer. Walker & Partners Limited will annually review whether it is required to take any steps under the data protection policy.

Information management

The practice has a policy for the overall management of all electronic data. The responsibility for its management is with Martin Walker.

The practice holds data with regard to all client matters in Law Fusion.  Data relating to the financial affairs of the firm is held externally by the firm’s accountants. 

The practice has identified the following critical risk(s) to the data specified above:

  • flooding or fire at the office, resulting in destruction of and/or permanent damage to IT systems;
  • the IT system suffering a terminal failure;
  • burglary and/or vandalism, resulting in theft and/or destruction of the firm’s IT system;
  • loss of, damage to or destruction of electronic data through staff misuse or by accidental loss or theft or malicious intent.  

The practice has in place the following processes, procedures and technology to eliminate, minimise or transfer the critical risks identified above, and for maintaining the integrity of any material stored electronically:

  • ensuring that all electronic data received by, created by or used by the firm is stored on a secure password-protected computer;
  • entrusting Martin Walker with the responsibility for using the IT system and reporting any faults to Martin Walker as soon as they arise;
  • entrusting Martin Walker with the responsibility for ensuring that all electronically stored material is backed up on a daily basis, and ensuring that all discs containing backed up material are stored in a separate location off site;
  • ensuring that the IT system is protected with a secure firewall, with anti-virus software and anti-spyware installed and kept updated;
  • ensuring that all users of the IT system receive sufficient training to enable them to use the equipment properly, and making it a disciplinary offence to misuse any of the IT equipment.

The practice provides training to all staff in order to ensure that all members of staff are competent to manage electronic data.  This will be provided on an individual basis and will be tailored to the individual staff member’s specific requirements.

The practice has the following technologies for the management and safe storage of electronic documents: computer system with back-up storage, firewall and anti-virus programmes.  

Management of the firm’s electronic document technology is the responsibility of Martin Walker.

The types of documents to be held in the systems for managing documents are: 

  • firm documents (leases, etc.);
  • client documents (agreements, court orders, etc.);
  • staff documents (contracts, etc.);
  • others (as required).

These are what are classed as Records of Processing Activities.

The firm has in place the following procedures, and operates the following technologies, for safeguarding the integrity of electronic documents:

  • ensuring that all electronic data received by, created by or used by the firm is stored on a secure password-protected computer;
  • entrusting Martin Walker with the responsibility for using the IT system and reporting any faults to Martin Walker as soon as they arise;
  • entrusting Martin Walker with the responsibility for ensuring that all electronically stored material is backed up on a daily basis, and ensuring that all discs containing backed up material are stored in a separate location off site;
  • ensuring that the IT system is protected with a secure firewall, with anti-virus software and anti-spyware installed and kept updated;
  • ensuring that all users of the IT system receive sufficient training to enable them to use the equipment properly, and making it a disciplinary offence to misuse any of the IT equipment.

Subject access requests

Any individual whose data is held by the firm may make what is called a ‘subject access request’, i.e. a request to see what data is actually held about them. All such requests should be addressed in writing to Martin Walker.  Should any request be made, Martin Walker will arrange for the firm to comply with the request free of charge, unless in his reasonable professional opinion the request is manifestly unfounded or excessive, whereupon he reserves the right to refuse the request or charge for the request as he deems appropriate.  In the event of any request being refused, the individual making the request must be informed as soon as possible, and in any event within one month, of his or her right to complain to the Information Commissioner’s Office and of his or her right to a judicial remedy.

After receiving the request, our DPO will log the request and will seek written authority if someone is requesting data on behalf of another. The data will then be located and relevant data will be compiled. The data will be reviewed to ensure no third-party personal data is disclosed. If necessary, redaction and exclusion will take place. The response will be prepared, which will include a copy of the data, retention periods, right to complain to ICO & Data subject rights. The response will then be sent and records kept.

Data breaches

Should any member of staff become aware of a breach of any of the requirements of the Act or the GDPR, or suspect that the rights of any data subject have been or may be compromised, they must notify Martin Walker without delay. Martin Walker will notify the Information Commissioner’s Office of any such breach or concern as soon as possible and in any event within seventy-two hours of becoming aware of any such breach or concern.

Data Protection Privacy Impact Assessment

With the introduction of new technologies for the firm, the firm may carry out a Data Protection Impact Assessment as such technologies may process client data or potentially staff data.

Review of Retention Schedules

When a review of retention schedules is required, the firm will outsource to a reputable IT company to assist in the process.  However, it will include compiling a full inventory of all data types held by the firm and will use a RoPA tool for this purpose. There will be identification of applicable legal and regulatory requirements, a process to define the firm’s needs and a complete risk assessment.

E-mail

E-mail is routinely available to all personnel through the firm’s computers.

The following guidance is given to ensure that the facility is properly used and not abused. If there is any doubt or concern, reference should be made to Martin Walker. If a suspicious e-mail message is received, for example from an unidentifiable sender, especially with attachments, it should not be opened. Particular caution is needed where the message is from a familiar source but there is no text in the message. In such circumstances, please telephone the sender before opening that attachment to see if they have indeed sent a bona fide message to you. Alternatively, please refer the issue to Martin Walker. Where there is still doubt, the message should be deleted without being opened.

The overriding principle is that e-mail messages are to be controlled and processed to the same standards as for normal correspondence. Because e-mails, both received and sent, are processed on an individual personal computer, in the majority of instances without the knowledge of Martin Walker, there must inevitably be a high degree of trust from everyone in the use of e-mails. 

The arrangements in relation to messages are as follows.

  • Incoming messages
  • All incoming messages related to client work must be printed out and a hard copy placed on the appropriate client file.
  • All messages must be passed to Martin Walker upon receipt.
  • No undertaking may be accepted by e-mail – a signed letter must be received.
  • Outgoing messages
  • As appropriate, outgoing messages of substance must first be approved by Martin Walker before being transmitted. 
  • A printed copy of outgoing messages is to be placed on the relevant client file.
  • Undertakings are not to be given by an e-mail message. On approval of undertakings in general see section 8.15 below.
  • No potentially offensive messages are to be sent. Defamation, harassment and breaches of the firm’s discrimination policy are all potential risks. Please also be wary of the temptation to send off a hasty message that, on reflection, would seem unwise. A good rule is to place your initial response in your drafts folder or reply later or the next day if annoyed or offended by action taken or a communication received: allowing yourself a ‘cooling-off period’ can avoid putting yourself in the wrong.
  • All e-mails are to be restricted to the firm’s professional work. 
  • Always check the state of attachments to see that you are sending the correct draft. Be particularly wary of drafts that might have been amended without your knowledge by someone outside the firm – client, opponent or other. Where this is a risk you should attach the document as a pdf that cannot be amended.

Deletion of e-mails

It is the responsibility of the individual to review regularly all stored messages and delete those that are no longer required. All staff members are asked to ensure that printed copies of messages, including draft documents, have been placed on the client file before deletion of messages. 

Virus protection

The firm’s e-mail facility is protected by McAfee Virus Scan and regular protection updates will be received.

Internet use

Acceptable uses of the internet are as follows:

legal research; client or practice research.

Any other personal or social use of internet facilities must be kept to a minimum and in no circumstances should any individual within the firm peruse sites that could reasonably be regarded as pornographic or offensive, unless it is necessary to do so in relation to a client’s matter.

Users must also be wary of breach of copyright from inappropriate downloads.

Secure e-mail

Walker & Partners Limited have a secure email address. Secure email is a safe, efficient alternative to regular email, fax and post. The information contained in a secure email is encrypted, so it can only be read by the intended recipient. By contrast, regular emails can be fairly easily intercepted and read by just about anyone. The secure email service is an important part of the process of joining up the Criminal Justice System (CJS) in England and Wales. It allows people working across the CJS who choose to participate (and indeed must participate in some instances, for example, in communications with courts, the Crown Prosecution Service, the Police, defence solicitors, barristers and Youth Offending Teams) to send emails containing restricted (i.e. sensitive) data in a secure way to each other. Only the solicitors have access to a secure email address. It is the responsibility of the solicitors to review regularly all stored messages and delete those that are no longer required.

Common Platform is a case management system for HMCTS, the judiciary and professional court users including defence. Walker & Partners Limited have a Common Platform defence organisation account, which is necessary for attending any hearings where Common Platform is used and to access case material. Martin Walker is the administrator for Walker & Partners Limited for the Common Platform.