JISCMail - DATA-PROTECTION Archives

Dear All,

The relevant CPR is here http://www.justice.gov.uk/courts/procedure-rules/civil/rules/part31

The case, which was discussed on this list in April 2012, was http://www.bailii.org/ew/cases/EWHC/Mercantile/2009/2500.html

Earles V. Barclay Bank 2009 EWHC 2500 (Mercantile)

I hope this helps. I know that e-discovery laws and requirements have changed, I believe increased, since that time through statute and practice. Phil had some good comments relating to the difference between a SAR and a discovery. However, if the applicant moves from SAR to discovery, I think an organisation will need to consider its records management capacity in a new light.

Best,

Lawrence


-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Lawrence Serewicz
Sent: 07 November 2013 10:16
To: [log in to unmask]
Subject: Re: [data-protection] Methods for handling email search for SARs

I would suggest that e-discovery requirements may put you under more strain than the DPA requirements. If they go to court and require discovery, the courts are not going to be as kind as the ICO if they think the will of the court is being flouted. I am not aware of the Court saying "on the balance of probabilities you have probably given us all the relevant documents for this case." They tend to see things in black and white and you need to demonstrate that you have searched everywhere as appropriate and can explain, with a robust retention and destruction schedule, why documents do not exist or have been destroyed.

I know there was a discussion on this list a while back, in which someone, I think Jonathan, posted the relevant case, I believe involving Barclays (but not certain) or a major High Street bank concerning e-discovery. The reference to Mitchell seems to come into mind. The case involved someone who had a business account, they were overdrawn and they alleged the bank misadvised them, so the defendant's business became insolvent and the bank profited from the transaction.  He wanted all the records held by the bank for promotion discovery. The bank failed to provide relevant emails, as the client had some, and the court was not at all pleased.  They did not settle for "on the balance of probabilities".

I will search for the reference if no one else finds it.  The case resolved around an early CPR concerning e-discovery and what it meant to disclose documents.

I hope this helps put this in context.

Best,

Lawrence


-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Grimbaldus
Sent: 05 November 2013 22:01
To: [log in to unmask]
Subject: Re: [data-protection] Methods for handling email search for SARs

One of my clients is running Lotus Notes.  This is notoriously difficult to conduct Boolean searches on, especially across multiple mailboxes and time spans.

I advise negotiation to reduce the number of boxes/months to search.  Ex-employees, especially those made redundant, who are looking either for a "smoking gun" or to 'punish' their old employer, can be obdurate.  Lawyers supporting employees in reaching Compromise Agreements or taking the employer to an ET can also be difficult in this area.  They are often looking to put cost into the employer as a means of reaching a more attractive settlement.

I have seen searches that have cost the SARs team some £60,000 (what the IT outsourced charged for a non-contracted, unscheduled service).

Reacting emails can be a particular challenge, as they may contain organisational data as well as personal data, the personal data of others, and sensitive personal data (of the data subject and others).  In addition, email trails are often repetitious, meaning that any redaction has to be replicated across all copies of a particular email, or subsequent emails deleted/redacted in whole.

In one recent client instance, redacting emails for one SAR took 55 mandays.  And that was after waiting just over a week for the emails to be provided by the IT department.

M

Sent from my iPad

On 5 Nov 2013, at 12:49, Alan Phillips <[log in to unmask]> wrote:

> I'm interested in finding out how other people responsible for data
> protection in their organisations deal with the process of conducting
> email searches. Which steps do you normally follow;
>
> e.g. step 1 Try and negotiate with data subject to isolate mailboxes
> to be searched step 2 Request relevant mailboxes through the IT
> department step 3...etc
>
> Any pointers or tips would be most welcome!
> Many thanks.
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>     All archives of messages are stored permanently and are
>      available to the world wide web community at large at
>      http://www.jiscmail.ac.uk/lists/data-protection.html
>     If you wish to leave this list please send the command
>       leave data-protection to [log in to unmask] All user
> commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving messages please send to the list owner
>              [log in to unmask]
>  Full help Desk - please email [log in to unmask] describing your needs
>        To receive these emails in HTML format send the command:
>         SET data-protection HTML to [log in to unmask]
>   (all commands go to [log in to unmask] not the list please)
>    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask] All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

________________________________


Help protect our environment by only printing this email if absolutely necessary. The information it contains and any files transmitted with it are confidential and are only intended for the person or organisation to whom it is addressed. It may be unlawful for you to use, share or copy the information, if you are not authorised to do so. If you receive this email by mistake, please inform the person who sent it at the above address and then delete the email from your system. Durham County Council takes reasonable precautions to ensure that its emails are virus free. However, we do not accept responsibility for any losses incurred as a result of viruses we might transmit and recommend that you should use your own virus checking procedures.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask] All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^



________________________________


Help protect our environment by only printing this email if absolutely necessary. The information it contains and any files transmitted with it are confidential and are only intended for the person or organisation to whom it is addressed. It may be unlawful for you to use, share or copy the information, if you are not authorised to do so. If you receive this email by mistake, please inform the person who sent it at the above address and then delete the email from your system. Durham County Council takes reasonable precautions to ensure that its emails are virus free. However, we do not accept responsibility for any losses incurred as a result of viruses we might transmit and recommend that you should use your own virus checking procedures.

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^