From my experience supporting about 40 UK solicitor firms through VoIP migration since 2022, legal is its own category with very specific regulatory and practical constraints. Most generic SMB VoIP advice is wrong for a law firm. Let me walk through what actually matters.
The regulatory baseline
UK solicitors are regulated by the SRA (Solicitors Regulation Authority). Their Code of Conduct plus the Principles touch phone systems in several ways, and firms frequently misunderstand where exactly the compliance lines are.
SRA Principle 7 — acting in clients' best interests
Touches phone systems through accessibility (can clients reach their solicitor), responsiveness (are calls returned promptly), and quality of advice (did the solicitor have the right information during the call). Phone systems affect all three.
Code of Conduct for Firms 2.5 — record-keeping
Requires adequate records of client matters. Phone calls are records. If you handle matters by phone and do not record or note the calls, your record-keeping is incomplete. The SRA will not tell you to record everything, but in a dispute you will want recordings.
GDPR and LPP (legal professional privilege)
Call recordings containing privileged information are privileged material. Storage, access, and deletion policies must protect LPP. This is the biggest trap I see.
Solicitors Account Rules (SAR)
Client money matters discussed by phone fall under SAR. If a client calls to authorise a payment from their client account, the authorisation record must be defensible.
The 4 actual requirements in practice
1. Recording with LPP-aware access controls
You do not have to record every call. But if you record any calls, you must control who can access them. A junior staff member being able to browse through recordings of a partner-level confidential matter is a breach.
Realistic config, access to recordings restricted by matter or by originating extension. A recording of a call to the litigation partner's DDI is only accessible by that partner and the designated admin. Most decent UK VoIP providers support this via role-based access or per-queue retention.
2. UK data residency
Non-negotiable. LPP data leaving the UK creates a complex jurisdictional mess. Make sure your provider's recording storage is UK-resident, and ideally the signalling and media paths too. Ask your provider specifically 'where are my recordings stored' — if they say 'EU' or 'multi-region', that is not sufficient for a UK solicitor.
3. Subject access request handling
GDPR allows clients to request copies of recordings featuring them. Under LPP this is more complex — a client can request their own privileged material, but parts containing another party's privileged content must be redacted or withheld.
This is not automated. You need a process for handling requests. Budget 2-4 hours of fee-earner time per SAR involving recordings.
4. Retention periods
The SRA does not set recording retention. You set it. Typical configurations I see at UK solicitors.
| Call type | Retention |
|---|---|
| General enquiry | 6 months |
| Client matter update | 6 years (Limitation Act) |
| Disputed matter / pre-litigation | 12 years minimum |
| Conveyancing | 15 years |
| Wills and probate | Indefinite |
Automated deletion after retention is critical. Keeping recordings longer than your policy says is a GDPR violation.
The practical features that actually help
Ring groups with discreet routing
Large firms need calls to a specific solicitor routed to their PA first, then them. A caller asking for 'Mr Henderson' should not be told Mr Henderson is in court at the Old Bailey (confidentiality), they should be offered a callback. This is configured via hunt groups with call-screening announcements.
Call recording pause-and-resume for card payments
If your firm takes card payments by phone (most do, for disbursements or retainers), PCI DSS says the CAV/CVV must not be in the recording. Pause-and-resume integration with your payment provider is essential.
Accurate call reporting for billing
If you bill time, phone time often counts. Ring-group calls, transfers, and parked calls frequently do not get logged in standard PBX reports. Verify during trial that every billable minute on the phone is captured and exportable to your billing system.
At DialPhone we export CSV call logs with caller ID, extension, duration, transfer history, to/from minutes breakdown. Most practice management software (Clio, LEAP, Actionstep, Osprey) can ingest this format.
Voicemail-to-email with LPP protection
Voicemails to a partner's extension might contain privileged content. The voicemail-to-email transcription and the audio attachment both need to be encrypted in transit AND at rest on the recipient's mailbox. Most UK solicitors' email is Microsoft 365 or Google Workspace, both adequate with proper configuration.
One gap, voicemail transcripts flowing to a solicitor's personal phone on a BYOD device. If the phone is compromised, privileged content leaks. Consider MDM or a business-only email app for fee earners.
The mistakes I see in UK law firm deployments
Recording everything by default without retention planning
Firms often start recording all calls 'just in case' and never configure retention. Two years later they have 18,000 recordings, cannot search them, and are in GDPR breach.
Using a single conference bridge for confidential matters
Most VoIP platforms offer 'meeting rooms' with fixed PINs. Multiple client matters using the same bridge is a confidentiality risk. Use per-matter ad-hoc bridges instead.
No pre-call notification on recording
UK law requires a 'this call may be recorded' notification. Not all firms implement this. Fine if you never record, problematic if you do.
Mobile apps without recording
If the fee earner takes client calls on their mobile app but those calls are not recorded (most default mobile apps do not record), your record-keeping is incomplete. Configure recording on mobile extensions too, or limit mobile to non-billable.
Realistic pricing for a typical UK law firm
For a 12-fee-earner firm with 8 support staff, 2 sites, based on 14 similar deployments at DialPhone in 2025.
| Item | Monthly |
|---|---|
| 20 staff users × £24 | £480 |
| Call recording with LPP access controls | Included |
| UK data residency | Included |
| PMS integration (Clio/LEAP) | Included |
| Practice management export | Included |
| 999 provisioning | Included |
| Total | £480 |
Compare with a typical on-premise SRA-compliant PBX, £800-1,500/month including maintenance, licencing, and hardware refresh amortisation. Cloud VoIP is meaningfully cheaper when compliance is included.
Shortlist questions for any provider you evaluate
- Where are call recordings physically stored? (Must be UK)
- Can I configure retention by matter type or extension?
- Does pause-and-resume work with my payment provider?
- Do you support ring groups with call screening announcements?
- Do you integrate with my practice management system? (Clio / LEAP / Actionstep / Osprey etc)
- What is your SLA for production restoration, and is there a documented escalation path?
- How do you handle SAR requests that involve recordings?
If a provider cannot answer any of those clearly, they are not experienced with UK law firms. Walk away.
If you run a UK solicitor firm and want to talk through this, DialPhone works with around 40 UK law firms and we have real references. No hard sell, just honest advice.
