|
||
|
 |
          |
 |
  |
 |
 |
Working Groups -
|
Loss Prevention AlertsLoss Prevention Alert No 19 - POLICIES ON DOCUMENT DESTRUCTION AND RETENTIONThis loss prevention alert has been produced by the Loss Prevention Working Group (LPWG) of the AGS. It highlights issues that the LPWG considers may be of relevance to members. It is not intended to provide a definitive response to any issues and before taking action members should consider carefully whether they need to seek independent legal advice.
In the UK most company directors would recognize that the destruction of a document which is the subject of a subpoena would offend the law. However, many may not realise the serious issues to be considered about managing documentation in the course of everyday business. The powers afforded to UK regulators today mean that businesses have to tread carefully when deciding which documents they must keep and which they should destroy. In the US it is widely accepted that regulators have draconian powers, but UK regulators are fast catching up. Included in their armory of powers is the right to deal with those who do not manage their documents adequately. It is not easy to get it right, and it is not usually possible to pass liability down the line to junior employees. Senior executives are increasingly being held accountable and this includes breaches committed by junior members of staff with whom they might never even have had contact. Most, if not all, regulators in the UK have criminal powers. This means that they can conduct interviews under caution, exercise powers of arrest, seize documents, and prosecute criminal offences. Companies can be fined (even sufficient to put them out of business) and directors and senior officers face potential personal criminal liability, including fines and jail sentences. Some regulators, such as the Health and Safety Executive, have “name and shame” websites. Different pieces of legislation require businesses to preserve different types of documents for different periods of time. For example, some records are required by Finance Act legislation to be kept for four years; other legislation requires some documents to be kept for longer, others for less. Breach of such statutory requirements can constitute a criminal offence. Moreover, a person involved in court proceedings (whether civil or criminal) has an obligation to preserve documents that relate to matters which are the subject of those proceedings. Failure to do so is punishable as contempt of court. Furthermore, the Companies Act 1985 prescribes punishment (which can take the form of fines and imprisonment) for destroying documents in cases where the destroyer cannot prove that he had no intention to defeat the law. Every company needs a document retention policy to ensure that it does not fall foul of the myriad regulatory and legal pitfalls. This is not only to ensure compliance with regulatory obligations, but also because there are many circumstances where a firm may wish to keep documents in order to protect itself from civil claims in the future. This is without even considering the brand equity damage that can result from these kinds of issues - as can be seen from the press coverage of the Enron affair. And how many companies are geared up to comply with access requests under the Data Protection Act? A simple request for personal data has been known to throw businesses into chaos as they strive to avoid breach of the onerous obligations under the Act. Not only do businesses need a document retention policy, but they need to ensure that it is rolled out to staff properly with appropriate training and apportionment of senior management responsibility, as well as a monitoring programme. But is it a document retention or a document destruction policy that is required? Some might say that if you keep everything for ever there will not be a problem, but nothing could be further from the truth. Quite aside from the commercial implications of keeping everything, the Data Protection Act has made matters much more complicated. Documents which contain personal data need to be kept no longer than necessary for the purpose for which those data were obtained. Breach is a criminal offence. The Information Commissioner has powers to interview directors and managers under caution and has used those powers to interview senior executives of well-known companies. The Data Protection Act no longer applies only to computer- held records. Since October 2001 it has applied to paper records too, and from 2007 it will apply to old documents. Getting it right is not easy but UK businesses and directors ignore the wider issues at their peril.
Prepared for the Members of the AGS by Steven Francis, DLA |
