In February 2024, the Legal Services Operational Privacy Certification Scheme, or
LOCS:23
, was approved by the Information Commissioner’s Office (
ICO
). This new certification scheme is aimed at legal service providers who operate in the UK, or deal with clients in the UK. – this includes law firms, solicitors, in-house lawyers, barristers, other providers of legal services and their supply chain partners who process the personal data of clients.
Processors and sub-processors within scope include, for example:
-
Software providers
-
Software-as-a-service (
SAAS
) providers
-
Infrastructure-as-a-service (
IAAS
) providers
-
Platform-as-a-service (
PAAS
) providers
-
External consultants
-
Service providers (e.g. translation, transcription and off-site storage)
-
Third-party legal service providers (e.g. barristers, law firms and notaries)
The LOCS:23 scheme addresses data protection compliance when processing personal data contained in the “Client File”. This includes data collected through the whole lifecycle of a client relationship – from marketing, the initial engagement with a client and providing advice, to closing and archiving the file.