Rule 10-4 Reports
August 31, 2021
Lawyers are required to take reasonable security measures to protect their records against the risk of loss, destruction and unauthorized access, use or disclosure, as per Rule 10-4 of the Law Society Rules. If you have lost custody or control of any of your records for any reason, you must immediately notify the Law Society in writing of all relevant circumstances.
While there are many circumstances in which you might report under Rule 10-4, the top four reported breaches are:
- Misdirected correspondence;
- Lost or misplaced records or electronic devices;
- Hacking or unauthorized access of servers or email addresses, including ransomware; and
- Theft.
Misdirected correspondence
Many mistakes can happen when sending correspondence which highlight the need for careful attention to detail.
When sending correspondence by email, always double-check email addresses and attachments before pressing “send.” You may wish to adopt electronic encryption for sensitive documents, which requires the recipient to enter a password before they can obtain access. The article Email: Preventing a Mailstrom (Publications: Insurance Issues: Risk Management - 2009 No. 2 Fall) is available on the Law Society website and provides some useful tips on risk management if you accidentally send an email to an unintended recipient.
When sending correspondence by mail, it is also important to carefully review the contents and any enclosures. Be careful if you are using precedents or templates and ensure that a previous client’s information is not accidentally included.
Remember that you are responsible for the direct supervision of staff and assistants to whom you delegate particular tasks and functions pursuant to section 6.1-1 of the Code of Professional Conduct for British Columbia. If a staff member makes an error in sending correspondence on your behalf, you are obligated to report the incident to the Law Society as their supervisor.
Lost or misplaced records or electronic devices
Losing client materials or electronic devices, such as your laptop or cellphone, can be devastating. You should ensure you have adequate measures in place to protect your records and electronic devices when they are removed from your office, such as thoroughly performing a check for all possessions before moving to any new location.
Hacking or unauthorized access of servers or email addresses
These days, lawyers are increasingly reliant on technology in their practices. However, it is important to be aware that all technology is potentially vulnerable to attack from outside sources. Servers and email accounts may be infiltrated by third parties and, in some cases, these hackers may demand ransoms in exchange for releasing locked data and files (ransomware).
Take appropriate steps to harden your systems against attack. Contact your IT provider to assess your systems and determine whether additional security measures should be put into place, such as back-up servers. This is especially important if you are a sole practitioner or working remotely, as losing access to systems and accounts will have a particularly negative impact on your ability to continue working until the attack has been resolved. Remember to regularly change your password and consider implementing an “Acceptable Use” policy for internet and email. A model policy is available on the Law Society website: Practice Resource: Sample internet and email use policy.
Theft
The majority of thefts reported pursuant to Rule 10-4 involve office and vehicle break-ins. When it comes to protecting your office from burglary, lawyers are encouraged to consider additional security measures such as keeping loose devices and client materials in locked cabinets when not in use, secondary locking mechanisms on windows and doors, or installing a security system if you do not already have one. Securing Personal Information: A Self-Assessment Tool for Organizations from the BC OIPC is a helpful tool for evaluating, maintaining, and improving your office security arrangements.
Vehicle thefts may be avoided by never leaving items unattended or in plain sight. Even if your vehicle is being parked overnight at your home, removing any client materials or devices from your car and taking them inside will prevent an unfortunate incident from occurring.
Mandatory Reporting
To make a report under Rule 10-4, please send an email with all relevant details to professionalconduct@lsbc.org. Your report will be forwarded to a staff lawyer for review and follow-up.
Have questions?
Should you find yourself needing advice following a breach under Rule 10-4, Law Society practice advisors are available to discuss the situation with you. You may also wish to consult a privacy lawyer, who can provide legal advice on your obligations to contact any clients or other individuals who may have been affected by the breach.
Insurance coverage
The Lawyers Indemnity Fund has recently added a cyber and privacy insurance program that may provide coverage for each these four risks, including theft if it involves an electronic device or communication. Information about the coverage and reporting a claim is available on the LIF website: Your Cyber Coverage | LIF.
-
- Act, Rules & Code
- Legal Profession Act
-
- Law Society Rules
- Highlights of Amendments to the Law Society Rules
- Definitions
- Part 1 – Organization
- Part 2 – Membership and Authority to Practise Law
- Part 3 – Protection of the Public
- Part 4 – Discipline
- Part 5 – Tribunal, Hearings and Appeals
- Part 6 – Custodianships
- Part 8 – Lawyers’ Fees
- Part 9 – Incorporation and Limited Liability Partnerships
- Part 10 – General
- Schedule 1 – Law Society Fees and Assessments
- Schedule 2 – Prorated Fees and Assessments for Practising Lawyers
- Schedule 3 – Prorated Fees for Non-Practising and Retired Members
- Schedule 4 – Tariff for Hearing and Review Costs
- Schedule 5 – Form of Summons
-
- Code of Professional Conduct for British Columbia (the BC Code) – annotated
- About the Code of Professional Conduct for BC
- Highlights of Amendments to the BC Code
- Introduction to the BC Code
- Chapter 1 – Interpretation and Definitions – annotated
- Chapter 2 – Standards of the Legal Profession – annotated
- Chapter 3 – Relationship to Clients – annotated
- Chapter 4 – Marketing of Legal Services – annotated
- Chapter 5 – Relationship to the Administration of Justice – annotated
- Chapter 6 – Relationship to Students, Employees, and Others – annotated
- Chapter 7 – Relationship to the Society and Other Lawyers
- Appendix A – Affidavits, Solemn Declarations and Officer Certifications – annotated
- Appendix B – Family Law Mediation, Arbitration and Parenting Coordination
- Appendix C – Real Property Transactions – annotated
- Appendix D – Supervision of Paralegals
- Member's Manual
- Lawyers Indemnity Fund Website
-
- Discipline Advisories
- August 6, 2024
- June 2, 2022
- August 31, 2021
- June 29, 2021
- February 10, 2021
- August 13, 2020
- June 1, 2020
- April 2, 2019
- April 10, 2018
- February 8, 2018
- July 13, 2017
- March 31, 2016
- October 2, 2015
- August 20, 2015
- September 25, 2014
- November 8, 2013
- May 1, 2013
- February 18, 2013
- January 11, 2013
- November 22, 2012
- August 10, 2012
- June 12, 2012
- February 1, 2012
- December 7, 2011
- October 19, 2011
- August 19, 2011
- July 18, 2011
- June 10, 2011
- Discipline and Suspension Resources for Lawyers