Opposing counsel asks for the draft settlement deed by 4pm. You attach the PDF to a quick email reply. Five minutes later, the partner asks why a draft deed has just gone out the door without encryption.
Legal documents are confidential, privileged, and frequently subject to client-imposed security requirements. A password isn't a nicety.
When encryption is mandatory
Many corporate clients now require their law firm panel to encrypt all documents at rest and in transit. The Solicitors Regulation Authority and the Bar Standards Board both reference 'reasonable steps' to protect client confidentiality. AES-256 PDF encryption is the floor; many firms also use secure deal rooms.
For court bundles containing sensitive material — family law, asylum cases, commercial disputes with NDAs — encryption is expected.
Workflow for matter teams
Before sending: merge the bundle, reorder pages into the agreed sequence, then encrypt the final file with Flint's password tool. Use AES-256 and a generated passphrase.
Distribute the password via a different channel — internal IM, phone call, the matter portal. Log the recipient and the date. If the matter is sensitive, set a calendar reminder to rotate or revoke.
Signing and sealing
After the document is settled, witnessed signatures or electronic signatures should be applied via a tool that produces an audit trail. Use Flint's signing tool for self-execution and request-and-witness flows. A signed PDF should not be re-edited — any subsequent change invalidates the signature, which is exactly the point.
FAQ
Are emailed contracts privileged?
Legal professional privilege survives the medium, but reasonable steps to protect confidentiality are expected. Unencrypted email is a vulnerability if intercepted.
What about discovery requests?
Encryption protects against unauthorised access; it doesn't shield documents from lawful disclosure. Always assume privileged documents may be reviewed in due course.
Should I encrypt internal-only documents?
If they contain client information or matter-sensitive analysis, yes. Internal email also leaks, and audit obligations don't distinguish internal from external.
Is a password enough on its own?
For most documents, yes — paired with a good distribution discipline. For very sensitive matters, add a deal-room with access controls and audit logging.
Don't let an unencrypted draft become a Monday-morning conversation. Encrypt legal PDFs by default.