The Data Protection Act 1998

Its impact on the Corporate Trustee’s Right to Withhold Information of a Confidential or
Personal Nature from Beneficiaries
Miles Shillingford
(taken from Isssue No 11 –  April 2000)

The Background

The need for data protection law first arose in the 1970’s with the growing use of computers and the desire to protect the individual from the threat to personal privacy posed by the vastly increased ability to misuse and manipulate data about individuals. The 1984 Act introduced a requirement to register with the Data Protection Registrar where a data user automatically processed personal data (information relating to a living individual who can be identified from the information, including an expression of opinion about the individual). A data subject had the right to request access to any personal data held on him or her for a small fee, and the request could be enforced by the Registrar or the courts.

Then came the European Data Protection Directive (95/46/EC), which had as its objective an equivalent level of protection for personal data in all member states. It applies not only to data processed wholly or partly by automatic means but also to manual data held in a filing system structured by reference to individuals. Member States were required to bring the Directive into force before 28 October 1998.

The new Data Protection Act 1998 substantially brought the provisions of the Directive into force from 1 March 2000. The most significant change in terms of time and expense of compliance is that, subject to the transitional provisions, material forming part of a `relevant filing system` will be caught by the Act’s provisions. This is defined in s.(1) as

`any set of information relating to individuals to the extent that, although the information is not processed by means of equipment operated automatically in response to instructions given for that purpose, the set is structured, either by reference to individuals or by reference to criteria relating to individuals, in such a way that specific information relating to a particular individual is readily accessible. `

Although the precise ambit of this definition is far from clear, its key components are that the manual filing system is:

(a) structured by reference to individuals;

(b) so that specific information relating to a particular individual is readily accessible.

If manual data do not form part of a relevant filing system then, so far as that data is concerned, there is no need to comply with the provisions of the Act. That might mean that a single binder which contains personal data, but is not structured so as to render the information readily accessible, or an unstructured collection of papers which only incidentally contains personal data, is outside the Act. However, the general view is that a business organisation which enters data about a living individual on its personal or correspondence files for the purpose of making use of that information in connection with the business the organisation will be recording information as part of a relevant filing system.


1.       The first and main consequence is the necessity of registration. It is illegal to process personal data without notifying the Commissioner. However, there are two possible escape routes. First, registration is only compulsory in the case of automatically processed data. A data controller/processor is able to exclude his manual records from the registration even if they fall within the definition of a relevant filing system considered above: s.17(2). Secondly, apart from various specific exemptions (which so far as material will be considered below), the Home Secretary is (in accordance with the Directive) given power to make exemptions from notification if it appears to him that the processing of a particular description is `unlikely to prejudice the rights and freedoms of data subjects`: s.17(3). This applies to automatically processed as well as manual data. Although that power is widely expressed, and the Government are known to have voiced concern over the unnecessary bureaucratic impact of the 1998 Act on small or medium size businesses, it is too early to say whether much use is going to be made ofs.17(3). Note that neither of these escape routes discharges the data controller/processor altogether. They may still become liable to make certain information available on receiving a written request.

2.      The second consequence is that it is the duty of data controllers to comply with the eight data protection principles: Schedule 1. These are that personal data should be:

 (1)     processed fairly and lawfully;

 (2)     obtained and processed for specified and lawful purposes;

 (3)     adequate, relevant and not excessive;

 (4)     accurate and up-to-date;

 (5)     held for no longer than necessary;

 (6)     processed in accordance with the rights of data subjects;  

(7)     kept secure; and

 (8)     not transferred to a country outside EEA unless it provides adequate protection.

These are not wholly new (only number (8) did not appear in the 1984 Act), but the head of the Home Office drafting team described the old principles as `false friends`, because the wide meaning of data processing and the lack of registered purposes under the new Act means that they are more far-reaching in effect. The first principle is certainly this. Just about any activity amounts to `processing`, including opening and reading a file or calling up a piece of information on a screen. The principles, one would have thought, were aimed mainly at abuse of the kind of situation where, e.g. market research organisations obtained, and traded in, lists of customers’ names and addresses (list rentals) or reports were compiled dealing with individuals’ creditworthiness. However, they strike much deeper than this. In the ordinary case the first principle will only be fulfilled if the data subject has given his consent to the processing. The consent may be implied but not from a failure to respond. There are five exceptions where the consent of the data subject is not required because the processing is considered necessary for specific reasons:

(1) for the performance of a contract to which the data subject is a party, or taking steps at the request of the data subject with a view to entering into a contract;

(2) for compliance with any legal obligation to which the data controller is subject, other than an obligation imposed by contract;

(3) for the protection of the vital interests of the data subject, (narrowly construed as essential for the data subject’s life or at least of very great importance to him/her);

(4) for the administration of justice, public duties, etc

(5) for the purposes of the legitimate interests of the data controller, except where unwarranted by reason of prejudice to the rights and freedoms or legitimate interests of the data subject.

The last exception is quite widely drawn, but, as it involves a balancing exercise between the interests of the data controller and the data subject, poses practical difficulties for those advising on compliance. It may assist that the Home Secretary is given power to specify circumstances in which this condition is, or is not deemed, to be satisfied: Schedule 2, para. 6(2).

Rather stricter conditions have to be satisfied in the case of `sensitive data` which includes, e.g.. data relating to an individual’s physical or mental health, but the detail is outside the scope of this article: Schedule 3.

3. The third and, from the viewpoint of corporate trustees, probably the most serious consequence of the Act is the extensive new right of access it affords to individuals to personal data being processed about them. s.7 in effect provides that any individual who believes that he or she is the subject of data being processed by or on behalf of a data controller is entitled on making a `subject information request` (and for a small fee) to be promptly informed whether that is the case, and, if so the nature of the information, the purpose for which it is being processed and the recipients or classes of recipients to whom it is or may be disclosed. In addition, the individual is entitled to have communicated to him/her in an intelligible form the information constituting any personal data of which the individual is the data subject and any information the data controller has as to the source of that information. Specific rights are given to object to automated decision-making, e.g. ` credit-scoring `, the process whereby a computer makes a decision as to whether to extend credit to an individual on the basis of information about the individual keyed into it. In such cases the individual is entitled to be informed of the logic involved in making that decision. Although the Act confers a number of important specific exemptions, e.g. legal professional privilege, confidential references, management planning, there is no general exemption for information the disclosure of which would amount to a breach of confidence under the general law. Significantly, s.27(5) provides that, except for the exemptions expressly provided by the Act,

`the subject information provisions shall have effect notwithstanding any enactment or rule of law prohibiting or restricting the disclosure, or authorising the withholding of information`

That said, s.38 gives the Home Secretary power to exempt from the subject information provisions data consisting of information

`the disclosure of which is prohibited or restricted by or under any enactment if and to the extent that he considers it necessary for the safeguarding of the interests of the data subject or the rights and freedoms of any other individual that the prohibition or restriction ought to prevail over those provisions`

Application of Subject Information provisions to confidential material held on trustees filing systems

There are a number of situations where the Act is giving cause for concern, of which the following are the main examples. What follows is not intended to be any more than an exploratory review of the perceived areas of difficulty, and it is strongly recommended that readers of this article and members of TACT should take their own specific advice on any issue which concerns them.

1. The first is whether, if discretionary trustees are faced with a subject information request from a disgruntled potential beneficiary under the new Act, they will be compelled to disclose information which would otherwise be protected from disclosure under the trust principles laid down in Re Londonderry’s Settlement [1965]Ch. 918, Hartigan v Rydge [1992] NSWLR 405 and Wilson v Law Debenture Trust Corporation [1994] Pension Law Reports 141, that is, memoranda relating to deliberations/inquiries as to the manner in which the discretion should be exercised between beneficiaries, letters of wishes and reasons for decisions or other information which the settlor expected to remain confidential to the trustees or which the trustees themselves regarded as too sensitive and likely to embitter family feelings to disclose.

I have to say that, (leaving aside scaled or secret instructions or wishes or information subject to a secret password in the settlor’s or a third party’s possession, which 1 accept would not be information within the control of the trustee until such time as they have to be opened), my reading of the Act is that this kind of information about the data subject might well have to be disclosed where a proper request was made by the data subject. It would not, as the law now stands, be a good answer that the data was confidential to the trustees/data processors, even (it seems) where that was established by a confidentiality clause in the will or trust deed. As stated above, there is no exemption for information which has been given to a data processor in confidence, and clearly the legal privilege exemption, (although it is capable of applying to lawyers employed by corporate trustees as well as those in private practice), does not usually extend to this type of material.     A question arises whether trustees can refuse a request relating to material of this kind where it relates to third parties e.g. where the memoranda in question give reasons showing why other beneficiaries should be, or have been, preferred, or show a trustee or member of the panel exercising the discretion arguing against the selection of the potential beneficiary making the request. In the event that a third party is likely to be identified by disclosure of the information in question, s.7(4) provides that the controller may refuse to comply with the request unless either the third party consents or it is reasonable in all the circumstances to comply with the request without the consent of the third party. The Act contemplates that where possible, names or other material which might identify the third party should be blanked out: s.7(5). s.7(6) seems to contemplate circumstances where the public interest may dictate that a duty of confidentiality owed to a third party is a sufficient reason not to comply with the request, although it may not be if no steps have been taken to seek the consent of the third party. A similar kind of issue arose before the Act in the Gaskin No.2/1988/146/200 case in the European Court of Human Rights, where the Court held that the applicant, who had been in care for most of his life was entitled to his child care records, on the ground that his right to receive information about his childhood (Article 8 – right to respect for family life) outweighed the public interest in protecting the confidentiality of contributors to child care records. The Court ruled that the British system before the 1998 Act was flawed, notwithstanding that the contributors made their contributions in the expectation that confidentiality would be respected, because

`such a system is only in conformity with the principle of proportionality if it provides that an independent authority finally decides whether access has to be granted in cases where a contributor fails to answer or withholds consent.`

It is considered that under the Act, such a system is now in place because in the UK there is now an independent authority (the Commissioner, and  ultimately the court) to decide issues of access to this type of information in accordance with the factors set out in s.7(6).

Although one may argue that it was probably never intended to alter the law restricting disclosure of this type of information to beneficiaries, the reality is that the Act now permits requests to be made, and, subject to the limitations already discussed and other provisions restricting multiple applications, there is a clear and legally enforceable duty to comply with these, and, accordingly, to ensure that data can be easily accessed, consolidated and reported, when requested. Unless exemption under s.38 can be successfully negotiated, there is a real risk that once the provisions of the Act become known, many more requests will be made by disaffected potential beneficiaries, thereby generating much additional paperwork, and expense going way beyond the fee which the data subject is required to pay on making a request. The task of dealing with the question of what information should be deleted on the ground that it identifies third parties is likely to be particularly time-consuming. No doubt it will be urged that steps be taken to limit trust documentation of this kind to a bare minimum, although that is not necessarily an appropriate or effective way of achieving a balance between discharging one’s fiduciary duties while limiting the impact of the Act. The preferred route will be to establish some practical ground rules with the Commissioner, who will be aware of Government concerns that the Act should not be seen to be too heavy handed with the business community.

I have referred to the Home Secretary’s power to make exemptions from the subject access provisions, but I am far from sure whether this would afford an effective escape from the problem for various reasons:

(a) s.38 in terms limits the Home Secretary power to in this respect to information the disclosure of which is prohibited or restricted by or under any enactment. Unlike Jersey, the Cayman Islands and other foreign trust laws, which have codified the Londonderry principle, our trust legislation has not. (Nor does the new Trustee Bill contain any such provision). It seems odd that the exemption should be so limited, and one wonders whether such limitation is consistent with the original European Directive: compare s.27(5) (above)where the words are `notwithstanding any enactment or rule of law prohibiting or restricting the disclosure`.

(b) Even if the power exists, I am not convinced that it would necessarily be exercised. It is not easy to see any individual right or freedom which is infringed, awkward as it may be for the trustee. For some time the Londonderry rule has been subject to criticism as not reflecting the move in society towards greater openness and transparency, and the Act may be seen as effecting a sea change in this respect.

(c) In other respects, as we have seen, the Act upholds the data subject’s right to be informed of `the logic involved in any decision-taking`. This echoes the dissenting judgement of Kirby P. in the Australian case of Hartigan v Rydge [1992] NSWLR 405 where he says:

`There is no need for the trustees to fear undue harassment by the beneficiaries, or for that matter by the courts. The courts will uphold the discretion reposed in trustees by the trust deed so long as they repose their duties bona fide and without malice. The courts will refuse to supervise the merits of a trustee’s decisions so long as they conform to these minimal requirements. It is because of the very limits of curial intervention that the trustees should ensure that they have the requisite information with which to make the right decisions. If they deny access by beneficiaries to documents such as the memorandum of wishes in this case, they may make their decisions in ignorance of matters known to members of the family which would have helped them. Or they may do so with assistance of half understood facts provided by a solicitor with partial knowledge or with access to some beneficiaries only.`

(d) In his lecture `Some Trust Principles in the Pension Context printed in [1996] Pension Law Report, Lord Justice Robert Walker commented somewhat unfavourably on the Londonderry rule as applied to pension trusts, and said that whatever their strict obligations pension trustees would in his view be well advised, in almost all circumstances, to adopt a policy of the utmost openness. `Secrecy breeds suspicion`.

(e) In administrative law, as Sir Robert also pointed out, the tide is running towards a general duty to give reasons for decisions, and I would expect the Home Office, being more steeped in that background, to be unsympathetic to allowing a special case to be made for trustees based on family and personal considerations which are somewhat hard to define.

Accordingly, I am somewhat pessimistic as to the possibility of securing a generalLondonderry exemption, but there may be some scope for one where there is an express confidentiality clause in the trust or will or a request that a letter of wishes be kept secret, as that can be said to touch on the rights and freedoms of the settlor as an individual.

2.   The second situation which is giving cause for concern is the one where a corporate trustee performs a will writing service and retains will files relating to a particular testator during his lifetime, having used its computer system to prepare the will. The question is whether during such testator’s lifetime the trustee would be obliged to give information to an individual making a request where the will file disclosed instructions or discussions relating to such individual as a potential beneficiary or an alteration in such individual’s entitlement under the testator’s will. The background to this is that under English law solicitors do not have a monopoly in the preparation of wills for reward, and indeed many such wills are prepared by executorship departments of corporate trustees and other like organisations (even where they are not named as executors) without a solicitor being directly involved. Such documentation, if held in solicitors will files would clearly qualify for the legal professional privilege exemption. Privilege extends to communications between lawyer and client made confidentially for the purpose of seeking or giving legal advice, including advice as to what should prudently and sensibly be done in the relevant legal context: Balablel v Air India[1988] Ch.317 per Taylor L.J. at 330 . In another Court of Appeal case, Lord Denning said of solicitors (and barristers) employed by a commercial organisation:

`They are regarded by the law in every respect in the same position as those who practice on their own account. The only difference is that they act for one client only and not for several clients. They must uphold the same standards of honour and etiquette. They are subject to the same duties to their clients and the court. They must respect the same confidences. They and their clients have the same privileges.` Crompton v Customs & Excise Comrs [1972] 2 QB 102 at 129.

In the case of wills prepared by organisations providing will-writing services, the relationship goes further than that of an `in-house` lawyer, because a duty is owed primarily to each client for whom a will is prepared, and/or for whom the custody of that will is undertaken. In a recent case Esterhuizen v Allied Dunbar [1998] 2 FLR 668 it was confirmed that a company who prepared a will for reward owed the same duty of care as a solicitor. A layman might be forgiven for assuming that the law of privilege ought by analogy to extend to all will files held by the corporate trustee will-preparer, as it does to those held by a solicitor, particularly as their duties are the same. However, it is arguable that it does not. The way privilege has developed historically means that it may depend on the extent to which it could be said that a qualified lawyer was involved. If the department was headed by a solicitor that might well be sufficient. It has to be said that there is a `grey area` still to be explored, and, for this (and other) reasons, it is possible to envisage cases where legal professional privilege would not apply to a will file which was subject to a request, unthinkable as this might seem in the context of an Act aimed at protecting the right to private life.

In view of that uncertainty, 1 have considered whether exemption might be claimed under s.36 on the basis that a will and all instructions and correspondence relating to it between the testator and the preparer are `personal data` being processed by the testator for the purpose of the testator’s personal, family or household affairs. Applying normal English canons of interpretation, on the face of it, this would only apply if the will and papers relating thereto were held by the testator personally as opposed to being held by an agent instructed on his or her behalf. However perhaps the agency argument would be attractive to the Commissioner, bearing in mind that legislation must now be read and given effect in a way which is compatible with European Convention rights, and that Article 8, which provides that every person is entitled to respect for private and family life, his home and his correspondence, is now incorporated into English law: Human Rights Act 1998, s.3, and Schedule 1, Part 1.

This is clearly a most unsatisfactory position. The matter ought, in my view, to be taken up with the Commissioner with a view to establishing whether in the event of a request being made she would accept that the above or any other exemption might be applied. If the outcome is inconclusive, I would have thought there would be a good case for seeking exemption under s.38, one of the grounds being that in so far as the Act requires material of this kind to be disclosed to any one other than the testator, it is a significant and disproportionate interference with the rights under Article 8 of testators wishing to avail themselves of such will-making or depositing services, and possibly also with the Convention rights of the companies concerned (as legal persons), whose reputation might suffer if it was perceived that they were not able to conduct their business with the same degree of confidentiality as is afforded to a solicitor.

Miles Shillingford, MA Barrister,
11 New Square, Lincoln’s Inn.