In a note to Bar Council members last night, the Bar Council IT panel advised that certain pieces of US legislation had the potential to allow US authorities to access information held in the cloud or on external backup services which used computers owned by US companies, even if the data would be subject to legal privilege in the UK.
If such access took place, it could also result in the person holding the information unwittingly breaching the Data Protection Act.
In particular, barristers were advised to check where any legally privileged information they currently held was being stored, look into whether any digital storage services they were using had a US parent company and consider encrypting any information that needed to be held in external storage.
The IT panel warned that the potential existed for the information to be accessed not only without the barrister's permission, but also without their knowledge.
"The USA Patriot Act and the USA Freedom Act confer considerable surveillance powers on US authorities," said Jacqueline Reid, chair of the Bar Council IT panel. "Barristers routinely retain legally privileged information relating to their clients, and they should be aware that these surveillance powers can place the confidentiality and security of this highly confidential information at risk."
Earlier this month, the EU and the US reached an agreement on the framework to govern the flow of data between the two regions, calling it the "EU-US Privacy Shield".
The framework had to be rethought after its predecessor, "Safe Harbour", was deemed invalid by the Court of Justice of the European Union.