Client Affairs

Protecting The Client: Digital Footprints, Offshore Leaks - The View From Taylor Wessing

Tom Burroughes Group Editor London 29 January 2020

Protecting The Client: Digital Footprints, Offshore Leaks - The View From Taylor Wessing

We talk to a major law firm about some of the issues that arise around the topic of "protecting the client", ranging from digital security and cyber-threats through to various assaults on financial privacy from campaign groups and governments. This is part of a series of articles examining the topic.

This publication is looking at how those working with high net worth individuals, be they lawyers, bankers, technologists or trust sector specialists, protect clients’ interests. We have already had a look at issues about reputation and public profiles and how firms try to help individuals fix a “problem”. In this interview with law firm Taylor Wessing, we speak to senior associate Michael Yates about what firms can do to protect clients’ image and reputation. There is more to it than libel laws.

In this social media age and era of so-called “woke” culture, people need to protect reputations and understand risks to privacy but realistically, these technologies are not going away. Any thoughts on the sort of approaches advisors should encourage in their clients?
Advisors in this space need to help their clients understand their information footprint, as well as other's access to it, how they communicate, how much information is shared and the consequences. This is imperative in minimising damage that can be done to one's privacy and reputation via social media and use of technology.

As clients often control their own social media accounts and decide, for example, who and what they text, and when, they are the decision makers and often make decisions way before they seek advice. Therefore, an advisor's key role is empowering their clients to make the right decisions.

For example, clients need to decide how much they want to share and whether they have open or private social media settings. Password security on devices and iCloud accounts must be effective to avoid the risk of being hacked. Clients should be aware of the risks when texting, skyping or synching with others and should never send something to someone they would not want them to keep. 

Clients should be aware of the risks when communicating online with people they don't know or via webcam and avoid responding to malicious emails. Clients need to also understand how their information moves through official organisations, such as family offices, charities, companies, the Land Registry or foundations.

Not all clients are "above the radar", but if they are, then advisors need to provide an extra lawyer of advice. For example, clients should maintain or monitor their own Wikipedia pages or websites to understand what is in the public domain about them. Commenting publicly via Twitter, for example, on newsworthy events or others should come with an understanding of the risks of being a publisher in one's own right. Equally, clients should understand via an online audit what is already out there online about them and take steps to deal with false content.

Privacy has been attacked by policymakers, campaign groups and others in recent years, sometimes with good reason. Swiss bank secrecy is a dead letter, internationally. How can advisors help protect legitimate privacy in this environment? How do things such as “golden visas” and IFCs still play any role in protecting the clients’ interests today?
The legitimacy of asserting a client's privacy and confidentiality must, in the legal sense, be considered on a case-by-case basis. Generally speaking, and subject to obvious duties to disclose information to tax authorities, Companies House, the Land Registry or law enforcement, in the UK a person's financial information is private and confidential and its disclosure is capable of being legally prevented. 

Legal advisors need to understand how private or confidential information flows from their client on to others, and then which of these data flows are protectable or preventable under the law and which are not. If information is in the public domain already, such as information on Companies House, then there is a strong argument against such information being still private or confidential.

Obviously, clients need to provide information to whichever tax authorities they must account to in whichever jurisdiction. For example, providing confidential financial information to HMRC is a legal requirement, but HMRC then going on to brief journalists about such information, as took place in R (Ingenious Media) v HMRC ([2016] UKSC 54), is potentially unlawful and can, together with its publication in the media, be stopped, provided there is no overriding public interest. 

The exchange of a client's financial information between tax authorities in different jurisdictions via the Common Reporting Standard (CRS) is of course legitimate, but the leak of that information onto the web or dark web would be unlawful, as would its use by malicious third parties. Similarly, disclosing information to law enforcement authorities as part of an investigation is legitimate, but its onward disclosure by those authorities to the media may not be.

Likewise, the disclosure of private, financial information to a client's bank or investment manager is something that would take place pursuant to a contractual arrangement containing confidentiality obligations preventing any further, onward disclosure to others, such as the media. The fact that such obligations exist would again provide a firm basis for preventing the publication of such information in the media or online, presuming that there was no overriding public interest.

The hacking of financial information from IFC organisations, as took place in the Panama Papers and Paradise Papers stories, is an unlawful (potentially even a criminal) act and the further publication of that information online or in the media is also capable of being prevented using the law of confidentiality or privacy, taking into account all the circumstances and the public interest. 

Institutions must have effective data security in place to minimise data leaks. In the same way, employees who steal information and try and disclose it will also be exposed to civil claims for doing so in the same way that warring spouses who try and steal information from each other to use against the other during divorce proceedings would be.

Register for WealthBriefing today

Gain access to regular and exclusive research on the global wealth management sector along with the opportunity to attend industry events such as exclusive invites to Breakfast Briefings and Summits in the major wealth management centres and industry leading awards programmes