Data Dos and Don'ts

By Emily Lew, March 31, 2011
Follow The JC on Twitter

With the proliferation of electronic documents, the globalisation of commerce and disputes, and the availability of a range of different document storage options, businesses are increasingly turning their attention to their document management practices.

Regulations governing document management and data retention come from a variety of sector-specific sources, rather than being governed by a single regime or rule. Businesses need to be aware of data retention obligations relating to accounting, tax, corporate regulation, employment, health and safety, freedom of information and data protection. There are many legal and regulatory procedures under which documents may find their way into the hands of third parties, the courts and regulators. And compliance with these regulations and procedures can be costly and onerous.

Here is some general guidance in relation to some of the obligations faced by businesses in the UK:

● Companies should be guided by the time limits for the bringing of civil legal claims (limitation periods) in considering how long they should keep data, as documents may need to be produced in court when bringing or defending claims. In England and Wales, this is generally six years from the date of the alleged wrongdoing.

● Documents might also have to be disclosed to regulators such as the Financial Services Authority, the Serious Fraud Office and tax authorities, which enjoy information gathering and sharing powers.

● However, documents containing legal advice are generally protected from production in litigation or to regulators by legal privilege.

● The Data Retention Directive requires providers of publicly available electronic communications networks or services – in essence, telephone and internet providers – to retain data on user activity.

● The Data Protection Directive prescribes that personal data should be retained only for so long as is necessary for the purpose which it was processed, after which it should be deleted.

Document retention regulations and procedures vary widely in different countries, which begs the question: where should a business store its data?

Businesses should carefully review all options available to them to ensure that storage of documents is appropriate and effective, taking on board their particular commercial needs and risks.

In addition, putting in place a document retention policy specific to the needs of the business will ensure not only that the correct types of documents are preserved, but also that appropriate documents are destroyed, saving storage space and costs, as well as complying with data protection legislation.

Emily Lew is an associate in dispute resolution at Herbert Smith LLP

    Last updated: 11:41am, March 31 2011