SRA Code of Conduct in Practice - Confidentiality and disclo...

Learning Outcomes

This article covers the SRA Code of Conduct rules on client confidentiality and disclosure in practice, including:

• The solicitor’s core duty to keep client affairs confidential and the continuing nature of that duty, even after termination or death
• When disclosure is required or permitted by law, and when limited justifications to avert imminent serious harm may be considered
• The distinction between confidentiality and legal professional privilege, including advice and litigation privilege and the crime-fraud exception
• The duty to disclose material information to clients and its limits (statutory prohibitions, informed consent, and risk of serious harm)
• Managing conflicts where confidential information is held for multiple clients and assessing “no real risk” using effective information barriers
• Obtaining, documenting, and relying on informed consent appropriately in co-client and adverse interest scenarios
• Anti-money laundering obligations, SARs, tipping off risks, and the need for a defence against money laundering before proceeding
• Correct treatment of mistakenly received privileged material and practical steps to avoid misuse
• Application of these principles to realistic scenarios and common SQE2 exam pitfalls

SQE2 Syllabus

For SQE2, you are required to understand the duty of confidentiality and the rules on disclosure as they apply in legal practice, with a focus on the following syllabus points:

• the general duty of confidentiality for solicitors and support staff, and its continuing nature
• the key exceptions to the duty, including client consent and disclosure required or permitted by law
• the duty to disclose material information to a client and its limits
• the management of conflicts where confidential information is held for more than one client
• the relationship between confidentiality, disclosure, and legal professional privilege
• the practical application of information barriers and “informed consent”
• the typical exam scenarios where these rules interact
• the anti-money laundering reporting, tipping off risks, and interaction with confidentiality

Test Your Knowledge

Attempt these questions before reading this article. If you find some difficult or cannot remember the answers, remember to look more closely at that area during your revision.

1. Does the duty of confidentiality end when the solicitor finishes acting for a client or if the client dies?
2. In what circumstances may a solicitor disclose client information without explicit consent?
3. What must a solicitor do if asked to act for a new client whose interests are adverse to a former client for whom they hold relevant confidential information?
4. Can you explain the difference between the duty of confidentiality and legal professional privilege?

Introduction

The solicitor’s duty of confidentiality is a non-negotiable core requirement when providing legal services in England and Wales. The SRA Code of Conduct sets out the obligation to keep clients’ affairs confidential, but there are important exceptions and related disclosure duties that can arise in practice. Solicitors must understand not just the default position, but also when disclosure may be (or must be) made, and how conflicts or risks involving more than one client should be handled. The distinction between confidentiality, legal professional privilege, and regulatory reporting is frequently tested in SQE2.

The duty of confidentiality

All solicitors (including support staff) must keep the affairs of current and former clients confidential unless disclosure is required or permitted. This strict obligation is a fundamental element of client trust and professional standards.

Key Term: confidentiality
The obligation to keep all information relating to a client’s affairs and matters private, unless disclosure is required or permitted, or the client consents.

Under the Code, this duty is framed as an outcome to be achieved, not simply a duty to take reasonable steps. Firms and individuals must ensure systems and behaviours actually preserve confidentiality in practice, not only on paper.

Who is bound and what is covered?

The duty of confidentiality covers all information about a client or matter, whatever the source. It applies to solicitors, trainees, paralegals, and anyone else working in a firm. Confidentiality continues after the retainer ends—even after the client’s death. The SRA Code for Firms mirrors this obligation, so firms must embed appropriate systems to prevent inadvertent disclosure by any staff or contractors.

Key Term: continuing duty of confidentiality
The solicitor’s obligation to keep client affairs confidential persists indefinitely after the retainer ends and after the client dies.

Scope of the duty

The information protected is very broad. Anything learned by the solicitor about a client’s affairs in connection with their engagement is covered, whether the information came from the client, an opponent, or a third party. This includes client identity information, documents, oral instructions, and metadata in electronic files. The source of the information does not matter, and it does not need to be sensitive or obviously significant to be confidential.

However, the duty generally attaches to information “relating to the retainer”. Information obtained completely outside the retainer may not be covered, although personal data and privacy obligations may still apply under data protection law.

Key Term: client affairs
All information relating to a client’s legal matters or personal or business circumstances obtained in connection with legal work.

The duty extends to initial or prospective client discussions even where the firm is not ultimately instructed. Information disclosed by a would-be client at an initial meeting can trigger confidentiality and later bar the firm from acting on the other side if the information is material and adverse.

Exceptions to confidentiality

Although the duty is strict, there are situations where information can be lawfully disclosed. These exceptions arise mainly when:

1. The client consents (explicitly or, with care, implicitly).
2. Disclosure is required or permitted by law (e.g., statute, court order, or regulation).
3. Disclosure is justified to prevent very serious and imminent harm where permitted by SRA guidance.

1. Client consent

Solicitors may disclose confidential information if the client gives informed consent. The client must understand:

• what information will be disclosed
• to whom
• why
• when, and
• the potential consequences and risks

Best practice is to record consent in writing, with clear scope and time limits, and to refresh consent where disclosure contexts or recipients change. General, blanket waivers are rarely appropriate, particularly if disclosure could later prejudice the client’s interests.

Key Term: informed consent
Consent given by a client after being provided with sufficient information to make an informed decision.

Consent may also be structured in co-client engagements. For example, co-defendants who instruct the same firm may agree what information can be shared between them and what is segregated. These arrangements should be documented and revisited if a divergence of interests emerges.

2. Disclosure required or permitted by law

Confidential information must be disclosed if there is a legal obligation to do so. Common examples include:

• anti-money laundering legislation (e.g., Proceeds of Crime Act 2002 (POCA), Terrorism Act 2000, and the Money Laundering Regulations)
• court orders, search warrants, or statutory notices
• obligations to regulators, including the SRA (for example, under s.44B Solicitors Act 1974 notices)

Disclosure is also permitted where legislation allows it—for example to make a suspicious activity report (SAR) to the National Crime Agency (NCA). When disclosure is made under or in compliance with law, this does not breach the Code’s duty of confidentiality.

Where disclosure is required, you must disclose only what is necessary and proportionate to comply, and you should, where possible, seek to maintain privilege (see below).

3. Limited justifications due to risk of harm

In exceptional cases, solicitors may consider disclosure to prevent death, serious harm, or significant abuse of vulnerable people, even where not expressly required by law. The SRA’s guidance recognises that such disclosure may be justified where there is a clear and imminent risk and no reasonable alternative. Any such disclosure should be:

• necessary, limited, and proportionate to avert the harm
• carefully documented with reasons and approvals
• made with consideration of privilege (privileged material should not be disclosed)

Key Term: justified disclosure
A rare, defensible breach of confidentiality to prevent imminent and serious harm, taking account of public interest factors.

Note that this is not a general “public interest” defence to disclose confidential information about past conduct. It is focused on preventing imminent serious harm and does not authorise post-event disclosures where the danger has passed.

What cannot justify disclosure?

Business convenience, fear of litigation, reputational concerns, pressure from third parties (including family members of the client), or a wish to assist another client are never sufficient reasons to breach confidentiality. The duty is owed to the client, not to the firm or other stakeholders.

The duty continues—termination and death

The duty of confidentiality is not limited to ongoing matters. It survives the end of the retainer and continues after the client’s death. The right to waive confidentiality passes to the client’s personal representatives after death. Practically, you should be cautious about disclosing information to family members unless you have verified their authority (e.g., grant of probate or letters of administration) or hold the client’s pre-death consent.

In will disputes, practitioners often receive Larke v Nugus requests for information about will preparation. Although not compelled at the outset, best practice is usually to cooperate, subject to the executors’ authority and privilege considerations, to avoid costly satellite litigation. Even then, keep disclosure limited to what is legitimately required.

Confidentiality vs legal professional privilege

The duty of confidentiality is related to (but not identical to) legal professional privilege. Privilege is a narrower legal doctrine, and its main effect is that privileged documents/information cannot be forced to be disclosed in court proceedings (unless privilege is lost or overridden by law). However, all privileged information is confidential.

Key Term: legal professional privilege
A principle protecting certain communications between lawyer and client from compulsory disclosure in legal proceedings.

Two main categories exist:

• legal advice privilege (confidential communications between client and lawyer for the purpose of giving or receiving legal advice)
• litigation privilege (communications made for the dominant purpose of existing or reasonably contemplated litigation)

Privilege belongs to the client. It can be waived (expressly or impliedly) only by or with the client’s authority. There is a narrow crime-fraud exception: communications in furtherance of a crime or fraud are not privileged. Care must be taken not to inadvertently waive privilege—for example by sharing privileged material with third parties outside necessary common-interest arrangements.

Key Term: crime-fraud exception
Communications between client and lawyer made to further a crime or fraud are not protected by legal professional privilege.

Cooperation duties to regulators (including the SRA) do not generally override a client’s privilege; however, where the SRA compels production of documents, the regulator is expected to manage and respect privilege as part of its investigatory processes. Seek specialist advice if in doubt.

The duty of disclosure to the client

Solicitors are also generally required to disclose to their client any information that is material to the client’s matter, if the solicitor knows of it. This duty (SRA Code para 6.4) is personal to the individual acting—it does not impose a general duty to search the firm’s files.

Key Term: material information
Information that might reasonably be expected to significantly affect a client’s decisions about their matter when viewed as a whole.

However, this duty is not absolute. Disclosure must not be made where:

• it is prohibited by legal restrictions (e.g., national security, AML restrictions)
• the client has given written, informed consent not to be told
• disclosure creates a real risk of serious physical or mental injury
• the information is known only due to a privileged document disclosed by mistake

Where confidential information about another client is relevant, the solicitor may be unable to act further if disclosure would breach that other client’s confidentiality. In such cases, the duty of confidentiality to Client B will prevail over the duty of disclosure to Client A, which may require ceasing to act for A (and sometimes B) to avoid a conflict.

When is disclosure to other clients or third parties prohibited?

Where a solicitor holds confidential information that is material to the matter of a different (current or former) client with adverse interests, the solicitor may not act unless:

• there is no real risk of disclosure due to effective information barriers, or
• the client who owns the confidential information gives informed consent

If these conditions are not met, the solicitor must not act for the second client. The “no real risk” assessment requires that the risk be more than fanciful or theoretical; it need not be substantial. In small teams or small firms, establishing effective barriers can be difficult. The firm must be satisfied that physical, electronic, supervisory, and cultural safeguards make inadvertent or deliberate transfer of information realistically impossible.

Key Term: information barrier
Organisational and technical measures designed to prevent confidential information from being shared between different teams or individuals in a practice.

Key Term: conflict of interest
A situation where a solicitor’s duties to different clients (or to a client and themselves) conflict or risk conflicting.

Worked Example 1.1

Scenario:
You are asked to represent Client A in litigation against Client B, whom your firm previously represented. Confidential information from the earlier retainer may affect the new proceedings.

Answer:
You must not accept the new instructions unless:

• you can show effective safeguards (information barriers) are in place to prevent disclosure, and there is no real risk of information transfer, or
• you have informed written consent from Client B.

If neither applies, you must decline to act for A due to the risk of breaching B’s confidentiality.

Situations giving rise to conflicts

A frequent scenario is where a new client’s interests are adverse to a current or former client for whom confidential information is held. These situations must be identified at intake and kept under review because risks can emerge as matters develop.

What about acting for opposing sides?

If you hold material confidential information for a party who will be directly opposed to your new client, you cannot act unless the exceptions above apply. Even if there is no actual possession of the information by the individual solicitor, the firm’s knowledge may be imputed unless robust measures negate any real risk of use or disclosure.

Worked Example 1.2

Scenario:
You acted in a business sale for Seller (Client X) last year. Now you are asked to act for a buyer in a dispute over that sale. Information about the negotiations would benefit both clients but may be confidential.

Answer:
If information from acting for Seller is material and confidential, you cannot act for the new Buyer unless you obtain Seller’s informed consent or erect an effective information barrier for a different team and can show there is no real risk of disclosure. If you cannot meet one of these conditions, you must decline to act.

Anti-money laundering and confidentiality

Solicitors must breach confidentiality if obliged by anti-money laundering laws to report suspicious activity. This is a legal requirement, not an exception at discretion. Transmission of such information to the authorities is permitted by law and must be handled exactly as set out in the relevant legislation and guidance.

Key points:

• If you know or suspect money laundering (or terrorist financing), you must make an internal report to the firm’s nominated officer (MLRO). The MLRO decides whether to submit a SAR to the NCA.
• You must not tip off the client or anyone else that a SAR has been made or is contemplated, if that disclosure is likely to prejudice an investigation.
• You may need to seek a defence against money laundering from the NCA before proceeding with a transaction after submitting a SAR.

Key Term: tipping off
Informing a client or third party that a report or investigation into money laundering is being contemplated or has been made, where that disclosure is likely to prejudice the investigation. This is an offence under POCA.

If the MLRO submits a SAR and “consent” (now framed as a defence against money laundering) is refused, you must not proceed with the transaction during the moratorium period, and you cannot explain the true reason to the client. This can create tension with the duty to disclose material information to the client; however, the statutory prohibition takes precedence.

Dealing with mistaken disclosures

If a solicitor receives documents or information by mistake (such as another party’s privileged documents), they must return them and not disclose or use them. You should:

• stop reviewing the material
• notify the sender promptly
• return or delete the material as agreed
• take advice before using any non-privileged material inadvertently disclosed

This scenario is also expressly included in the exceptions to the duty of disclosure to your own client: if your knowledge arises solely because a privileged document was mistakenly disclosed, you must not disclose it to your client.

Practical steps when a conflict or risk of breach arises

• Identify the risk of conflict or exposure to confidential information at the start and keep conflicts under review throughout.
• Decline to act if a conflict exists (unless an exception applies) or if you cannot construct effective barriers.
• If acting, document any client consents or information barriers in writing and ensure all staff understand and comply with them.
• Always check for possible firmwide (not just individual) conflicts and risks.
• Secure systems and processes: role-based access controls, encrypted storage, separate matter workspaces, robust “clean team” protocols, and targeted training.
• Keep attendance notes and decision logs; the Code requires you to justify decisions if challenged.

Exam Warning

Exam questions often test where exceptions to the duty of confidentiality do or do not apply. Remember, the client's consent must be truly informed, and information barriers must eliminate real risk, not just be nominal formalities.

Revision Tip

Be prepared to explain the difference between confidentiality (all client information is protected), legal professional privilege (certain legal advice/communications are immune from disclosure), and the duty of disclosure to the client. Exam scenarios routinely mix them up.

Worked Example 1.3

Scenario:
A solicitor’s client, Bob, confides he plans imminently to harm himself. Bob expressly forbids the solicitor from telling anyone.

Answer:
The solicitor should first try to gain Bob’s consent to disclosure. If that is not possible, disclosure may be justified to prevent imminent serious harm. The solicitor should carefully document the reasons for disclosure and restrict it to what is necessary, consistent with SRA guidance.

Worked Example 1.4

Scenario:
While acting on a property purchase, you suspect the funds provided are the proceeds of tax evasion. You file an internal report. The MLRO tells you a SAR will be made and asks you not to proceed until further notice. The client calls asking why the matter has stalled and demands a full explanation.

Answer:
You must not reveal that a SAR has been, or will be, made if doing so risks prejudicing an investigation. Explain that you cannot proceed at present for regulatory reasons, avoid giving specifics, and take guidance from the MLRO. Do not proceed until a defence against money laundering is obtained or the moratorium period ends. This approach complies with POCA and the Code; you must not mislead the client, but you are permitted to withhold material information where disclosure is prohibited by law.

Worked Example 1.5

Scenario:
In commercial litigation, you receive a bundle by email from the other side that includes a memo marked “Privileged—Counsel’s advice” obviously intended for their client. Your trainee has already skimmed it.

Answer:
Stop reading and isolate the document. Notify the sender promptly, confirm it was received in error, and offer to delete and/or return it. Do not use the content. You should also record the limited extent of exposure and, if necessary, seek the court’s directions. Under the Code, you must not disclose this information to your client where your knowledge exists solely due to the mistaken disclosure of a privileged document.

Worked Example 1.6

Scenario:
You had a free initial meeting with a prospective claimant about a professional negligence claim but declined to take the instruction. Later, the defendant approaches your firm. Details from the initial meeting could be material to the defence.

Answer:
Information shared by a prospective client is confidential if given in connection with seeking legal advice. If it is material to the proposed defence and there is an adverse interest, your firm must not act for the defendant unless effective information barriers remove any real risk of disclosure or the prospective client gives informed consent. In many cases, the safest course is to decline to act.

Building and assessing information barriers

Robust barriers usually include:

• separate, ringfenced teams (including support staff) with independent supervision lines
• physical separation where feasible, or strict hot-desk protocols
• IT access controls at matter level and encrypted document stores
• clear “need to know” policies; logs of access and audits
• internal notices making clear that the other matter is off-limits
• training, attestations, and enforcement procedures

In small practices and small teams, barriers may not credibly eliminate real risk. Be realistic about whether your structure can truly protect the information.

Record-keeping and firm culture

The Code requires solicitors to justify decisions and actions. Good practice includes:

• a conflicts and confidentiality assessment at intake and at key milestones
• a written rationale for any decision to act under para 6.5 exceptions
• detailed barrier plans, team lists, and access logs
• contemporaneous notes explaining decisions to withhold material information under para 6.4 exceptions
• clear communications with clients about what you can and cannot disclose in co-client or joint retainer arrangements

Data protection and confidentiality

The duty of confidentiality sits alongside data protection obligations. When responding to subject access requests, privileged material and third-party confidential information may be exempt from disclosure. Always assess whether legal professional privilege applies before disclosing material in response to data requests.

Managing tensions with the duty to the court

Where duties to the court (e.g., not misleading the court or correcting known errors) interact with confidentiality, the public-interest duties to the administration of justice take precedence. If a client insists on a course that would cause you to mislead the court, you must refuse and, if necessary, cease to act, while maintaining confidentiality about your reasons.

Key Point Checklist

This article has covered the following key knowledge points:

• The duty of confidentiality applies to information about all current and former clients except where disclosure is required or permitted.
• Confidentiality survives the end of the retainer and after a client’s death; authority to waive passes to personal representatives.
• Disclosure is permitted only with informed consent, when required or permitted by law, or in rare cases to avert imminent serious harm.
• Anti-money laundering obligations may require reporting; you must avoid tipping off and may need a defence against money laundering before proceeding.
• The duty to disclose all material information to a client does not override the duty of confidentiality to others; statutory prohibitions can also limit disclosure.
• Solicitors must not act if they possess confidential, material information from another client with adverse interests, unless there is no real risk of disclosure or informed consent is obtained.
• Information barriers must remove any real risk of disclosure; in small teams they may be ineffective.
• Legal professional privilege is narrower than confidentiality and prevents compelled disclosure; the crime-fraud exception removes privilege where advice furthers wrongdoing.
• Mistakenly received privileged documents should not be read or used; notify and return or delete them.
• Keep clear records of conflicts checks, barrier measures, client consents, and reasons for any justified or legally required disclosures.

Key Terms and Concepts

• confidentiality
• continuing duty of confidentiality
• client affairs
• informed consent
• justified disclosure
• legal professional privilege
• crime-fraud exception
• information barrier
• conflict of interest
• material information
• tipping off