Legal Services Operational Privacy Certification Scheme (LOCS:23)

The ICO's recent approval the of a new standard for external testing of data protection in the legal sector represents a significant development for law firms and SaaS providing legal service delivery platforms.

Benefits for Law Firms and Software Providers

The newly approved Art.42 certification scheme, Legal Services Operational Privacy Certification Scheme (LOCS:23) provides law firms and Software-as-a-Service (SaaS) companies building legal service delivery platforms with a structured framework to benchmark and implement best practices for client data protection.

Client trust

By achieving LOCS:23 certification, firms can demonstrate their commitment to data security, potentially reducing the risk of enforcement action and fines from the ICO.

Certified organisations are permitted to use the relevant trust mark:

LOCS:23 Data Controller  LOCS:23 Data Processor

Competitive advantage

Certification can be a competitive advantage, allowing firms to win tenders and reassure clients that their information is in safe hands. The standard promotes a culture of data protection by default within the firm, with benefits that extend beyond mere regulatory compliance. By implementing robust data protection processes, law firms can minimise the risk of data breaches, which can be costly and damage client trust. Working with a LOCS:23 consultancy you can build this advance into your current workflow, as well as setting a foundation for the next stages of growth in client work or legal service delivery.

Alignment with existing standards

LOCS:23 is designed to complement, not replace, existing data and information security standards. There is a significant overlap between LOCS:23 and other recognised frameworks, such as ISO 27001 (for information security management) and ISO 27701 (for privacy information management).

Firms that have already achieved certification against these standards will find much of the groundwork for LOCS:23 compliance already in place. LOCS:23 builds on these existing frameworks by providing specific guidance tailored to the legal sector, addressing areas of particular risk for law firms handling sensitive client files.

Opportunities for SaaS legal tech companies

The launch of LOCS:23 presents a significant opportunity for SaaS companies that provide legal services or software platforms to the legal sector.

These companies can develop solutions that align with LOCS:23 controls and become certified themselves, enhancing their reputation within the sector and helping law firms achieve and maintain compliance.

For instance, SaaS legal practice management software could be designed to incorporate features that streamline data access controls and client consent management, directly addressing key requirements of LOCS:23. By offering integration with LOCS:23 frameworks, SaaS companies can position themselves as valuable partners to law firms navigating the evolving landscape of data privacy regulations.

This should be a win-win situation, as law firms gain a path to compliance and efficiency, while SaaS companies establish themselves as trusted advisors within the legal sector.

Download the standard

Find about more about the LOCS:23 standard on the ICO certification page, or download a copy below.

Download file [pdf]

Is LOCS:23 right for you?

There are various roles under the LOCS:23 standard for all types of organisations.

We can provide:

  • Training
  • Gap analysis
  • Control mapping
  • Hands-on implementation

Get in touch with us to discuss your requirements.

Get in touch