Like all businesses and organisations in England, we have to comply with the General Data Protection Regulations (GDPR) which came into force in May 2018 and which built on the existing principles of Data Protection. As part of our compliance with these regulations, we need to tell you why we collect your personal data, how we store it and what happens to it later.
Who is responsible for your data?
Geoffrey Miller, the Solicitor at Miller Law Practice, is the data controller or Data Protection Officer in charge of making sure your data is kept securely.
What personal data will we collect about you and why?
When you first make an appointment with Miller Law Practice your name, address and contact phone number(s) will be taken and you will be asked to bring in with you to your first appointment ID documents which prove your name, address and other personal data such as your date of birth so that we can comply with The Money Laundering Regulations, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs).
How do we use your personal data?
By letting us see and photocopy your documents which prove your identity and address we understand that to mean that you have given your specific consent for us to see, copy, file and retain your personal data. When you instruct us in a legal matter this also means that we will open both a paper file and an electronic file held on our office computer system. We need this data to be able to communicate with you, to undertake legal work on your behalf and, as part of your legal matter, communicate with third parties about your matter. In order to carry out legal work for you will we often have to obtain further information about family, friends, finances etc.
We will not use your personal data for marketing purposes without your specific consent.
Requesting access to your personal data:
You have the right to ask to see the data we hold on you and we will give you copies of that data promptly and the latest within one month of you asking for it. In most cases your data will be provided to you with no fee. You may withdraw your consent to us holding your data by withdrawing your instructions from us and by asking us to return to you or to securely destroy the identification data we hold on you.
How long will we hold your data?
We will retain the information on your file for at least six years and the information kept in our office central ID files for the same period of time. At the end of the period when we store your file, we use external companies to whom we outsource file storage to destroy securely your entire file and we use a confidential secure documentation firm to destroy (by shredding) confidential papers we have used or kept in our office.
How securely will my data be kept?
Electronic data is protected by firewalls and virus protection on all the computers which members of staff of Miller Law Practice use and any portable electronic devices which Geoffrey Miller may use away from the office. Paper copies of your data is kept in our office which is kept securely locked when staff are away from it.
Confidentiality and sharing your personal data: outsourcing
We are professionally and legally obliged to keep your affairs confidential. We outsource to other companies various office functions including:
- Storage of closed files and their secure destruction;
- IT system hardware and software maintenance and updating;
- IT software used for time-recording and client ledgers for each client and matters;
- Legal cashiers for book-keeping
These external companies are required to maintain confidentiality in relation to your files and your personal data which they have access to while performing the task which we have outsourced to them.
Confidentiality and sharing your personal data: statutory duty
However, solicitors may be required by statute to make a disclosure to the National Crime Agency where they know or suspect that a transaction may involve money laundering or terrorist financing. If we make a disclosure in relation to your matter, we may not be able to tell you that a disclosure has been made. We may have to stop working on your matter for a period of time and may not be able to tell you why.
Confidentiality and sharing your personal data: access by other professional bodies
As members of various quality assurance schemes run by The Law Society, namely Lexcel Practice Management and the Wills & Inheritance Quality Scheme our client files are part of the audit or quality checks on our practice. Similarly, the Legal Aid Agency has the right to audit legally aided client files and the Solicitors’ Regulatory Authority, the Legal Ombudsman, our accountants and our professional indemnity insurers may need to access individual client files for audit or checks. As with companies we outsource certain functions to, these external firms or organizations are required to maintain confidentiality in relation to your files and your personal data which they will see while accessing your file or other records we keep in our office.
If you instruct us to advise, assist or represent you, you are consenting to the disclosure of the contents of your file for the aforesaid purposes. You may withdraw your consent at any time by writing to us to say that you withdraw your consent.
Transfers to other countries and safeguards in place
As we deal in the law of England and Wales it is unusual for us to need to transfer any of your data to another country. However, if, for example, you hold financial assets abroad and have asked us to deal with them as part of your legal matter, then we will write or email organisations such as banks in that country. We will use the same safeguards to keep your data secure as if it was in England and Wales.
If you believe that there is a problem with the way we handle your data you should first of all contact Geoffrey Miller to explain your concerns. If your concerns are not resolved you may complain to the Information Commissioner’s Office by phoning 0303 123 1113 or by any other means which they give on their website www.ico.org.uk.