Personal injury lawyers are breaking client confidentiality rules “every week” to complete deals on buying and selling firms, specialist consulting law firm Citadel Law has warned.
Lesley Graves, Citadel Law managing director and solicitor, said there was a high level of ignorance among lawyers about their duty to keep information confidential, with firms approaching due diligence “the wrong way”.
She went on: “Many law firms, and those advising them, are operating under the misapprehension that it is necessary to allow access to client files in order to complete deals – this just isn’t true.
“Every week I see examples of this being flouted and when I raise it most solicitors tell me they had no idea, yet ignorance will be no defence if the SRA come knocking.
“Law firms are approaching their due diligence in the wrong way. Instead they should be focused on the firm’s financial situation and records, talking to fee-earners and reviewing operations, technical ability and governance, rather than delving into confidential client files.”
Ms Graves said guidance issued by the Solicitors Regulation Authority (SRA) in January 2015 made it clear that it should not be necessary for purchasers to access client files in breach of the confidentiality rules.
She said that early in Citadel’s due diligence process, firms requested “significant disclosure” of management information with an impact on asset value, but with client details redacted.
“We find that working within SRA guidelines to be a far better approach as it puts the focus on operational issues as a whole rather than individual files – which is hit and miss, costly and breaches SRA guidelines.”
The SRA guidance  states: “Disclosure of confidential information is only allowed where the client consents to it and it is in their interests or is permitted by law. Before approaching a client for consent, firms should consider whether disclosure is essential to proceed with a specific matter.”
Ms Graves added that breaking the client confidentiality rules could also breach the Data Protection Act 1998 and warned that, should we remain in Europe, particular attention should be paid to a new EU-wide data protection regime, coming into force in 2018.
“The General Data Protection Regulations are another issue coming down the line for acquisitive solicitors. Firms need to get to grips now with what they are doing and how to comply with the new regime.”