The subject of document and information sharing with beneficiaries can be fraught with risk for a trustee: disclosing too much and risk creating a rod for the trustee’s own back, causing upset or breaching confidentiality on the one hand. On the other, risk disclosing too little, giving rise to tension in the trustee’s relationship with its beneficiaries. Whether it is appropriate to disclose and how much to disclose in each situation requires careful analysis of the circumstances and scope of the request, as well as the legal principles. This is an area of the law dominated by rebuttable presumptions and there are few, if any, hard and fast rules.
In addition to the established trust law principles governing the sharing of documents and information with beneficiaries, a novel new front has opened on the battlefield – data protection.
Data protection legislation is often associated with being the reason why information may not be disclosed to those interested in obtaining it. However, both the Data Protection Act 1998 (DPA) and its Jersey equivalent, the Data Protection (Jersey) Law 2005 (DPL) contain extensive provision for the rights of data subjects to seek access to personal data held about them.
In a novel application of data protection principles to disclosure in the context of a trust dispute, the English Court of Appeal in Dawson-Damer v Taylor Wessing has recently ordered extensive disclosure of personal information in trust documents to beneficiaries under a ‘Subject Access Request’ (SAR).
Mrs Dawson-Damer was a beneficiary under a Bahamian law trust. She was suing the trustee in the Bahamas. Taylor Wessing were the trustee’s London lawyers. In 2014, Mrs Dawson-Damer made a SAR to Taylor Wessing seeking personal data relating to herself and her children (who were also beneficiaries) of the trust held by the firm.
Taylor Wessing relied upon the exemption in Schedule 7 of the DPA in respect of personal data that consists of information to which legal professional privilege would apply.
Mrs Dawson-Damer applied to court for an order compelling Taylor Wessing to comply with the SAR under section 7(9) DPA.
A High Court judge dismissed the application, but this decision was overturned by the Court of Appeal.
The three issues present in this case were:
Schedule 7, Para 10 of DPA exempts the disclosure of personal information under a SAR where “the data consist of information in respect of which a claim to legal professional privilege … could be maintained in legal proceedings. “
Under Bahamian law, which governed the trust, there was extensive statutory exemption from the trustee having to disclose the following documentation to the beneficiaries:
In Jersey law, such documentation or information would have to be disclosed if it was relevant to a matter in dispute between the trustee and beneficiaries within the context of hostile proceedings. Under Bahamian law, it appeared that such documentation and information could be withheld from disclosure, even if the trustee was being sued for breach of trust and such documentation was relevant to that dispute.
The issue before the Court of Appeal was whether the privilege exemption in Schedule 7 was confined to privilege, as narrowly defined in English law, to include legal professional privilege. Or whether it encompassed any basis upon which the trustee could refuse disclosure (to include the material falling within the above statutory exemptions from disclosure permitted in Bahamian law.)
The narrow interpretation prevailed and the exemption only extended to a “relevant privilege according to the law of any part of the UK.”
The second issue was whether any further search would involve ‘disproportionate effort’ for the purposes of section 8(2) of the DPA.
This provision qualifies the obligation in section 7(1)(c)(i) of the DPA, which is to provide copies of the information sought in permanent form, “unless … the supply of such a copy is not possible or would involve disproportionate effort.”
The Court of Appeal decided that section 8(2) relates to both the ‘supply’ of and the search for such information.
However, an issue the Court did not get into at all is the concept of ‘disproportionate effort.’ This is only engaged if the information is to be provided in permanent form. If it is not to be provided in permanent form (for example, by permitting the data subject to review the data at the data controller’s premises), the concept of ‘disproportionate effort’ should not apply.
In determining disproportionate effort, “the word ‘supply’ is used so that what is weighed up in the proportionality exercise is the end object of the search, namely the potential benefit that the supply of the information might bring to the data subject, as against the means by which that information is obtained. It will be a question for evaluation in each particular case whether disproportionate effort will be involved in finding and supplying the information as against the benefits it might bring to the data subject.”
It is not clear from the Court of Appeal’s judgment, whether the balancing act required in the concept of proportionality is not against the benefits to be obtained by the data subject, but relative to the size of the dataset being searched. To spend 100 hours searching a small dataset might well be disproportionate, but to do so against a very large dataset would not be.
In any event, Taylor Wessing’s total failure to review certain files (because it had relied on privilege as an absolute bar to disclosure) would never suffice. The data controller must consider what data it holds and assess on a case-by-case basis as to whether such data is exempt from disclosure.
The Court’s Discretion
The trial judge had decided that he could, in his discretion, refuse to make the order sought, because the beneficiaries’ real motive in seeking the documentation was to use the information from the SAR in legal proceedings against the trustees.
In reality, almost all SARs have some other collateral purpose to them. There will usually be something going on in the background that has prompted the SAR, which is why the beneficiary wants the information.
The Court of Appeal concluded that the discretion in section 7(9) DPA is a “general discretion”, which it had to apply with a view to fulfilling the purposes of the DPA, which confers rights on data subjects. The Court reflected that “it would be odd if the verification of data was always in practice a complete aim in itself which excluded all others… neither the Directive nor the DPA compels that interpretation. Nor has Parliament expressly required a data subject to show that he has no other purpose.”
However, where an application under section 7(9) DPA “was an abuse of the court’s process… or if the claimant was a representative party who had some purpose which might give rise to a conflict of interest with that of the group or body he represents,” the outcome might be different.
The decision is likely to have far-reaching and unexpected ramifications for both professional trustees and their legal advisers.
But why is this significant for Jersey? The Data Protection (Jersey) Law 2005 is modelled on the UK’s Data Protection Act 1998 and has precisely the same wording applicable to the exemption for data that is subject to legal professional privilege. One might suppose that if the issue came up for consideration before the Jersey Royal Court, the same approach that was taken in England might be adopted.
Jersey, unlike England has made specific provision for subject access requests against trustees. The Data Protection (Subject Access Exemptions) (Jersey) Regulations 2005 preserve the efficacy of what is known as the Re Londonderry exception from disclosure on demand which finds expression in Article 29 Trusts (Jersey) Law 1984. The effect of these regulations is that if the information or data can legitimately be withheld from the beneficiaries under Article 29 is it not amenable to a subject access request by beneficiaries. Were a trustee to rely upon Article 29 as a basis upon which to decline disclosure of legal advice to beneficiaries, the Royal Court would then have to consider the interaction of the legal privilege exemption with whether the legal advice in question falls within any of permissible categories of documents or information that may be withheld under Article 29 Trusts (Jersey) Law. Nothing in the 2005 Regulations prohibits the Royal Court ordering disclosure under its inherent supervisory jurisdiction or under RCR rule 6/17.
The scope of the privilege exemption has important implications for trusts of which the governing law is different from the law of the place where the SAR is made, and where that governing law is more restrictive in terms of what the trustee can withhold from the beneficiaries. The English Court decision is clear that privilege means UK law privilege. By analogy, the DPL exemption is confined to privilege as understood in Jersey law.
The privilege exemption is only really concerned with litigation privilege attaching to communications in the context of a hostile claim against the trustee. Such legal professional privilege that attaches to communications or legal advice obtained by the trustee during its administration (usually paid for by the fund) is likely to be subject to a joint privilege with the beneficiaries, and the communication cannot be withheld from them based on privilege alone.
The decision also has important implications for the way professional trustees use lawyers. In particular, trust company businesses that have long-established relationships with particular law firms are likely to have shared documents and information with that firm over a long period of time that may not be protected by privilege. A lawyer’s archive may be vulnerable to a SAR by a beneficiary.
The decision confirms that a messy filing system is not a valid excuse for why a data controller should not comply with a SAR. The data controller must produce evidence to show what it has done to identify the material and to work out a plan of action. If it fails to do so it will not have discharged its onus.
The decision also confirms the fact that a data subject has some other collateral purpose in making a SAR is not relevant to the court’s discretion whether to order compliance – albeit it may do so if the SAR is considered to be abusive.