Solicitor News reports
ICO finds CILEX breached data laws after refusing ex-President’s email access request
The Information Commissioner’s Office (ICO) has warned that the Chartered Institute of Legal Executives (CILEX) breached data protection obligations in its handling of a subject access request made by its former president, escalating a long-running dispute between the two sides.
Stephen Gowland, who served as CILEX president from 2013 to 2014, has been in conflict with the organisation for several years over governance issues, proposed charter reforms, and controversial plans to transfer regulatory oversight to the Solicitors Regulation Authority (SRA).
Gowland severed his formal ties with CILEX in September 2023, describing a lack of communication over a judicial mentoring scheme as “the final straw.” The disagreement, however, has continued through a series of legal and procedural exchanges.
In October 2023, Gowland submitted a subject access request seeking copies of emails and attachments either sent from or to former CILEX chief executive Linda Ford that contained his name or related information dating back to 1 January 2016.
CILEX refused the request, claiming the data was exempt because Gowland had sought the organisation’s correspondence address for the purpose of serving papers in connection with legal proceedings.
Gowland subsequently lodged a complaint with the ICO, which concluded in February 2024 that CILEX had “infringed its data protection obligations.”
In a letter to Gowland, the ICO stated: “While legal proceedings are a valid consideration, they should not automatically lead to a refusal of a [subject access request]. The Data Protection Act emphasises a delicate balance between protecting individuals’ privacy rights and meeting legal requirements. We believe that it is possible to achieve this balance without outright denial of your request.”
Despite that finding, CILEX maintained its refusal. In March 2024, the organisation wrote again to Gowland, saying that the requested material included personal data relating to other individuals. Even if their consent could be obtained, CILEX argued, the documents were subject to five exemptions under the Data Protection Act.
These exemptions covered information protected by legal professional privilege; data linked to functions intended to protect the public; information connected to regulatory functions related to legal services; material concerning judicial appointments, independence, and proceedings; and data required by law to be disclosed in connection with legal proceedings.
Gowland told The Law Society Gazette that he only became aware of CILEX’s final position in July this year. He questioned the organisation’s shifting rationale, saying: “Why they feel the need to move the goalposts?”
The dispute marks the latest flashpoint in a broader conflict between CILEX and some of its former leaders and members over the organisation’s future direction. The proposed transfer of regulatory authority to the SRA has been particularly divisive, prompting members to consider legal action and to voice concerns about the erosion of CILEX’s independent identity.
Read more at
CILEX accused of breaching data laws in row with ex-President Stephen Gowland
