information

"Information to support your case" - obtaining it or having to disclose it

It is thought that ”information is power” and making information available to the court and the parties to a claim has long been an integral part of the litigation process. Historically, the court of equity was the initial conduit for the process of the disclosure of information, ”discovery” as it was. It used to be that, at common law, a party could not be a witness in his own case – neither the claimant nor the defendant could be their own witness (!). As a result, the earliest bills in Chancery sought discovery of facts relevant to the claimant’s (then called the plaintiff) case to assist in achieving fair and equal judgment. With the passage of time, although the aims of discovery were recognised as valuable for litigation, its development led to onerous obligations on both parties, in terms of time, risk and cost. Often, it became a weapon which was capable of producing, in equity, as much of an injustice as it initially sought to guard against.

   
Fast forward to the 21st Century and the reforms brought about by ”Access to Justice” and the Jackson recommendations. Discovery, now renamed ”disclosure”, is still considered a vital element of litigation. It is recognised that there are substantial overall benefits to the exchange of information at an early stage of the proceedings - ensuring equality of access to evidence and possibly facilitating early settlement when parties have clarification of the strengths and weaknesses of their case. Discovery was, however, also ripe for reform given the perceived problems with the often disproportionate costs involved (and the possible, resulting undermining of access to justice), the practicalities of putting together often formidable court bundles (which were then largely unlooked at during a trial) and the ever-increasing need to deal with information contained in an electronic format.


So, what is disclosure? According to the Civil Procedure Rules (the ”CPR”) , disclosure is merely a formal statement that a ”document exists or has existed”. And what is a document? The definition here includes ”anything in which information of any description is recorded” - written documents, audio tapes, videotapes, photographs, as well as electronic documents (emails, WP documents, and databases) are covered. Also covered is material not readily accessible (for example, electronic documents stored on servers and back-up systems) as well as electronic documents which have been deleted. However, it is important to appreciate that it is the information contained within the document and its relevance to the issue(s) in dispute that determines whether or not a document is disclosable. 


It is possible, in certain circumstances, for this disclosure to occur before proceedings have even been commenced. There are specific pre-action protocols across a range of dispute types as well as a general Practice Direction covering pre-action conduct. In these, potential litigants are actively encouraged to disclose relevant documents informally at an early stage (albeit only those documents which support their claim). The objective is to provide parties with ”sufficient information …to allow them to understand each other’s position” . The aim is to aid the potential parties to make ”informed decisions about how to proceed and possible approaches to settlement, possibly avoiding litigation completely”. These pre-action protocols carry much weight with the court. Knowledge of the requirements suggested by them and subsequent compliance with those suggestions is an important consideration for any potential litigant. The court has a discretion to order sanctions against a party in the face of non-compliance – in relation to disclosure, refusing to release documents has led to cost consequences for the non-compliant litigant.


Additionally, the court has various statutory powers (depending on the court/tribunal or the nature of the claim) to order disclosure from a potential party to subsequent proceedings. Under CPR31.16, there are a number of criteria that need to be satisfied for the court to consider an order for what is called pre-action disclosure - the application is between the likely parties to subsequent court (rather than arbitration) proceedings, the documents are going to be disclosable in those proceedings in any event, pre-action disclosure would be beneficial in terms of fairness, assisting in resolution of the dispute without proceedings and the lessening overall costs. Even if these criteria are met, the court has further discretion as to whether to grant such an order. 


In exercising this discretion, the court will consider things such as the nature of the claim, its potential merits and the clarity of the issues involved, the costs (both in granting the order and the impact of not granting the order), the documents sought (their volume and nature), whether the information is available from other sources, and the previous conduct of the parties (this is where compliance or non-compliance with pre-action protocols in relation to disclosure may also impact positively/negatively on a litigant’s application).

  Any documents disclosed at this pre-action stage (whether informally under a pre-action protocol or by court order) can generally only be used for the purposes of the anticipated proceedings.


Once proceedings have been commenced, the court has a further power to order disclosure against a person who is not a party to those proceedings themselves. However, there are limitations as to when such orders may be made. The information sought must only be available from the third party. Additionally, the documents to be disclosed must be likely to support the applicant’s case or adversely to affect the case of another party to the proceedings and disclosure must be necessary to dispose of the claim fairly or to save costs.


Again, even if these criteria are satisfied, it is still the court’s discretion as to whether the order will be made. For instance, no order for disclosure against a 3rd party will be given if compliance would be injurious to public interest. Nor will it be given if the definition of the document or the class of documents is not sufficiently clear and specific in the application itself. The court will also consider the interests of the non-party to protect his privacy and the confidentiality of the documents against the interests of the party seeking disclosure. This is a remedy of last resort; such an order is not going to be given routinely as the court will need to balance the rights of the 3rd party against the need of the applicant in relation to the case (the ability for it to be dealt with fairly or to save costs).


There are other well-established situations (either pre or post the issue of proceedings) where an equitable remedy involving disclosure may be ordered against 3rd parties by the court in very specific circumstances, seeking to achieve very specific results. For instance, these include:-


(a) Norwich Pharamcal orders – where an application can be made for disclosure of documents and/or information from a 3rd party who, while a non-party to the litigation, is somehow involved or mixed up in the wrongdoing (innocently or otherwise), and
(b) search orders (formerly Anton Pillar orders) - a form of mandatory injunction from a master or district judge in the High Court. Such an order allows for entry to the defendant’s premises to search for, copy and remove documents and/or material in relation to the dispute. The aim is to prevent evidence being lost or destroyed. However, given the nature of the application and its potential impact, the application must be based on a very clear case with clear evidence of the document in the defendant’s hands as well its possible destruction.

In deciding whether pre-action disclosure or disclosure from a third party would be appropriate, the court is looking to balance finding a resolution to a dispute without recourse to actual proceedings as against assisting with an applicant’s nebulous claim. The court’s various powers in relation to requiring the disclosure of information (whether pre-proceedings between the parties or from a 3rd party) are important considerations for a potential litigant. Knowing and understanding the jurisdictional criteria that need to be established for any such order are important tools in the litigant’s arsenal.

   

 

Alison Bicknell

 

 

This blogpost is for information purposes and should not be relied upon as legal advice because it does not consider or take into account your own personal circumstances. If in doubt, seek legal advice.

Your Rights - Your Personal Data

diyLAW are grateful to Ishika Patel, one of our brilliant volunteers, for her article on the impending changes in Data Privacy and Data Handling. This is for general information purposes and should not be relied upon as legal advice because it does not consider or take into account your own personal circumstances. If in doubt, seek legal advice.

Your Rights - Your Personal Data

 

The General Data Protection Regulation (GDPR) will replace the current Data Protection Act 1998 from 25 May 2018, which governs the processing of personal data.

 

What is personal data? Personal data is any information relating to you, where you can be directly or indirectly identified, including your name, identification number, address or bank account details.

 

What is a data controller? A data controller is a person (individual or company) that determines the purposes and means of processing your personal data.

 

What is meant by “processing”? Anything that is done to, or with your personal data e.g. collecting it, or storing it.

 

I’m still confused – give me an example. Say you want to open a bank account with X BANK. You will normally be asked to fill in an application form. Filling that form with your name and address, means you are providing them with your personal data. X BANK is, therefore, the data controller. Your name and address are your personal data. X BANK collecting that information means they are processing it.

 

So how does the GDPR affect me? Why should I care?

The GDPR gives you more say over what these companies/individuals can do with your personal data. It also introduces bigger fines for data controllers that do not comply. This article discusses the different rights you have under the GDPR, including the right:

 

  1. to be informed
  2. of access to your own personal data
  3. to correct your personal data
  4. to erase your personal data/right to be forgotten
  5. to restrict processing
  6. to data portability
  7. to object
  8. not to be subject to automated decision making and profiling
  9. to be notified of a data security breach.

Right to be informed

You have the right to receive certain information from about the processing activities of your personal data. This information is usually provided in a Privacy Notice – check the data controller’s website, or just ask them if it isn’t clear to you. Information can include the purpose of using your data, your rights as described in this article and your right to make a complaint to the Information Commissioner’s Office.

 

When should information be provided?

If the data is obtained directly from you, then the information should be provided to you at the time the data is obtained.

 

If the data is obtained indirectly, say from a third party, then the information should be provided either:

  • within a reasonable period after obtaining the personal data (within one month at the latest);
  • if the personal data will be used to communicate with you, at the latest at the time of the first communication; or
  • if the data controller intends to disclose the personal data to another recipient, at the latest at the time of the first disclosure.

Right to Access your personal data

You have the right to:

  • obtain confirmation that your data is being processed; and
  • access to your processed personal data.

 

The information should be provided to you within one month of the request.

 

Are there any fees?

Access to your personal data should normally be provided to you free of charge but if your request is unfounded or excessive, the data controller may either:

  • charge a reasonable fee to provide the information or take the requested action; or
  • refuse to act on the request.

 

Additional copies may also attract a further charge. 

 

What do I need to do to get my information?

Write to the data controller including the following information:

  • full name, address and contact telephone number;
  • any information that the data controller can use to identify you from others, for example, a bank account number;
  • details of the information you require including dates where relevant.

It will also help if you say that you are making a “Subject Access Request”.

 

Also have a look on the data controller’s website, as they may have a form available for you to fill in which you may find easier.

Right to correct your personal data:

You have the right to:

  • correct inaccurate personal data; and
  • complete incomplete personal data.

 

What should I do?

Write to the data controller and be clear about exactly what the issue is. Your request must be responded to within a month. This can be extended by two months if the request is complex. If no action is being taken, this should be explained to you including your right to complain to the Information Commissioner’s Office and to a legal remedy.

 

Right to be Forgotten/erase your personal data

You can request the deletion or removal of your personal data where, for example:

 

  • it is no longer necessary for the purpose the data was originally collected/processed;
  • you withdrew your consent and no other legal justification for processing applies;
  • you object to processing for direct marketing purposes (e.g. to be contacted through advertisement);
  • it was unlawfully processed; or
  • it should be erased in order to comply with a legal obligation.

 

Your data should then be erased without delay unless the data controller has to keep it, for example, for legal reasons.

Restriction Right

You have the right to restrict the processing of your personal data when, for example:

 

  • you are disputing the accuracy of the personal data;
  • the processing is unlawful;
  • the data controller no longer needs to process the personal data but you need the personal data for a legal claim;
  • you object to the processing and the data controller is considering whether its legitimate interests override yours.

 

Data Processing Objection Right

You can object to data processing under certain circumstances, including for example:

  • direct marketing purposes (i.e. advertising through, for example, email); or
  • scientific, historical research or statistical purposes.

 

If you object, a data controller must stop processing the personal data unless the data controller either:

  • demonstrates a compelling legitimate ground for processing the personal data that overrides your interests.
  • needs to process the personal data in relation to a legal claim.

Data Portability Right

This allows you to, for example,

  • obtain and reuse your personal data across different services; and
  • transfer your personal data to another data controller.

 

Data controllers must comply with such a request within one month. This can be extended by two months if the request is complex but data controllers must inform you of this and explain why the extension is necessary. If no action is being taken, they must tell you this and why including your right to complain to the Information Commissioner’s Office and to a legal remedy.

Automated Decision Making Objection Right

You have the right to not be subject to automated decision-making, including profiling, i.e. making a decision solely by automated means without any human involvement. Profiling is a form of automated decision-making intended to evaluate certain aspects of you, such as predicting your performance at work, health or reliability.

 

Automated-decision making is allowed in certain circumstances, for example, if you consent to it or the data controller is allowed by reason of law.

Notification of a breach:

If a breach of your personal data is likely to result in a high risk to your rights and freedoms, you should be notified directly without undue delay. The notification should:

 

  • describe the nature of the breach
  • name and contact details of the data protection officer or other contact person;
  • the likely consequences; and
  • the measures taken to address and mitigate the breach.

 

There are some exceptions to the notification, including when the data controller has taken steps to ensure your personal data is no longer subject to a high risk.

 

***

The above is a summary of your rights under the GDPR. There is also additional helpful guidance on the Information Commissioner’s website.

Ishika Patel

 

 

This blogpost is for information purposes and should not be relied upon as legal advice because it does not consider or take into account your own personal circumstances. If in doubt, seek legal advice.