Client data: Manage the risk, avoid the crisis...
15 March 2013
Bedell Cristin hosted a seminar yesterday, Thursday 14 March, at the Old Government House Hotel in Guernsey on the subject of data management and, in particular, electronic data management.
Chaired by Jersey Litigation partner David Cadin and with an expert panel comprising Advocate Jon Barclay from Bedell Cristin in Guernsey and Kelvin McGregor-Alcorn, a Director leading the Electronic Disclosure Group at Deloitte London, the seminar covered a large number of the challenging issues presented by electronic data management.
The amount of information in paper and electronic format produced by and available in organisations has had, and will continue to have, profound consequences.
According to Kelvin McGregor-Alcorn, director leading the Electronic Disclosure Group at Deloitte London and speaker at the Bedell Cristin seminar on data management, the average amount of data now being found in users’ corporate mailboxes on average is between 300,000 and 500,000 documents.
"Multiply that by the number of users, and even small businesses are sitting on huge amounts of ever-increasing data that you probably cannot easily delete," he said.
Under the provisions of the Data Protection (Bailiwick of Guernsey) Law, 2001, personal data must be ‘not kept longer than is necessary’.
For a business, however long data is kept there is a risk that at some stage that data might be required to be disclosed. If a business cannot comply with such a request, it may be subject to penalties.
"Data is anything that contains information which includes paper and electronic documents, emails, texts and voice records and also the metadata that goes with those documents" said Bedell Cristin Advocate Jon Barclay, adding that "how you manage and store your data now will ultimately dictate the cost, timescale and effort required to search and to produce any information required."
According to the panel, there are four key questions to ask yourself:
- What data do we hold?
- Where do we hold it?
- In what format?
- What do we actually need to keep?
As Advocate Jon Barclay said "If you have a policy and apply it then you may legitimately be able to limit the extent of requests for data that has passed its destruction date, however if you do not have a policy then there is a risk that at some stage you might have to roll up your sleeves and delve in to examine enormous amounts of data."