Fiona J Robb, Director of Professional Practice talks about changes to the guidance on ownership and destruction of files in anticipation of the imminent arrival of GDPR.
Back in the day when a file was a cardboard folder containing papers we looked at the question of ownership of files and when the file could be destroyed. We agreed that the majority of the contents of the file were the property of the client.
Files are now more likely to be digital but the principle still holds true that most of the file belongs to the client.
- Recommended retention periods have not changed
- Law firms have to comply with the General Data Protection Regulation, just like all other organisations that process personal data. Firms should set out information for clients in their terms of business letters covering security and retention of personal data
- Law firms are data controllers in relation to the personal data that they hold for their employees, clients and third parties
- If a file is transferred by mandate it is matter of judgment whether a file should be copied, but copying may be prudent from a risk management perspective. The costs should be borne by the solicitor and the intention to retain a copy of the file should be explained in the terms of business letter
- A solicitor’s obligations to comply with GDPR need to be considered when deciding the specific date beyond which the obligation to hold a client's own documents can be said to expire. Deeds or other documents constituting or evidencing rights may need to be preserved if it can be argued that they continue to be of value.
Questions on our guidance can be directed to Professional Practice.