Scope

Maintaining business data in a systematic and reliable manner is essential to comply with our legal and regulatory requirements.  It also reduces the costs and risks associated with retaining unnecessary information.

A vital part of our Data Protection Policy and practice is that personal data is retained for the appropriate period of time, neither too long nor too short.  It is paramount that the retention period allows us to meet our legal and regulatory requirements but that the rights of data subjects are also protected.

This policy has been developed to help employees properly manage personal data in a consistent manner.  It sets out:

  • How long personal data should be retained
  • How records should be disposed of

Unless otherwise stipulated, the policy refers to both hard copy and electronic documents.  This document should be read in conjunction with our Information (Data Protection and Data Security) Management Policy.

Roles and Responsibilities

All employees, including contractors and third parties who process data on our behalf are responsible for complying with the requirements of this policy.

The Managing Partner, Jackie Gillespie is responsible for maintaining the policy.

All Department Heads are responsible for ensuring that documented procedures are in place to comply with the requirements of this policy.

It is the responsibility of all employees to ensure that they have read the most up to date version of this policy.

Policy

Information/records (hard copy and electronic) will be retained for at least the period specified in our Data Retention Guidelines (see Appendix 1).

All information must be reviewed before destruction to determine if there are special factors that mean destruction should be delayed, for example, potential litigation, complaints, ongoing cases.

Hard copy and electronically held records, documents and information must be deleted at the end of the retention period.

Each department should periodically review and determine whether they have records in their control which should be destroyed pursuant to this policy.

Suspending the destruction date

If a claim, audit, investigation, subpoena, or litigation has been asserted or filed by or against Howlett Clarke Solicitors LLP or is reasonably foreseeable, we have an obligation to retain all relevant records, including those that otherwise would be scheduled for destruction under the records retention schedule.

How long should we keep our data?

Data should be kept for as long as it is needed to meet the terms of our agreement with our customers and any applicable legal requirements.  Our Data Retention Guidelines have been agreed following an assessment of our data and the requirements of all our Regulators, together with our obligations under Data Protection Laws.

Methods of Destruction

All data, whether hard copy or electronic should be destroyed in a secure manner, preserving the confidentiality of all personal data.

All hard copy data must be disposed of in the confidential waste bins which are located in every area of the business.  Under no circumstances should confidential or personal data be put into normal waste bins.  We will maintain records of the secure destruction of all waste which is put into the confidential waste.

Our Facilities Manager, Sean Rome will ensure that all electronic data is securely destroyed in a way which cannot be restored.  They will also be responsible for ensure that any electronic equipment is securely wiped, and where appropriate securely disposed of, when it is no longer required by the business.

Sharing of Information

Duplicate information should be destroyed.  Where information has been regularly shared between business areas care should be taken to ensure that all copies of the data are destroyed in line with the Data Retention Guidelines.

Training

All employees will have their responsibilities under this policy outlined to them as part of their induction training.  All employee will complete an annual refresher of this training.  Howlett Clarke Solicitors LLp will provide further training and guidance if there are any updates made to this policy and/or the associated policies and procedures.

Monitoring Compliance

As a minimum the following will be monitored to ensure compliance with this policy: -

  • An annual Data Protection Compliance Audit which will, at the minimum assess:
    • Compliance with policy in relation to the protection of personal data, including;
      • Correct storage of personal data      
      • Deletion of personal data in accordance with the schedule

Key business stakeholders will devise a plan with a schedule for correcting any identified deficiencies within a defined and reasonable time frame.  Any major deficiencies identified will be reported to and monitored by the Managing Partner.

1. Review

This policy is owned by the Managing Partner and will be reviewed at least annually.  We will provide information and/or training on any changes we make. 

2. Related Documents

Information (Data Protection and Data Security) Management Policy.

Data Retention Guidelines

Client data

Physical files – 6 years

Electronic files  – 15 years (it may be necessary to answer queries on old matters and if the physical file is destroyed the electronic file may be referred to)  There is a limitation long stop on contractual / negligence claims therefore the firm’s policy will be to retain electronic files for 15 years

Wills – Never destroyed

Will files – Electronic file never destroyed

LPA – Never destroyed

Trust Deed – Never destroyed

Property Deed – Never destroyed

Email – 6 years

Rightwill

Rightwill hold four different data sets on the firm’s behalf.  These are set out below together with retention period:

Clients – data will be retained until post death.

Potential clients – 6 years

Employee –  6 years post-employment (subject to any legal requirements).

Recruitment data – Applicant’s information will be held electronically for a period of six months

Employee data – 6 years post-employment (subject to any legal requirements). Basic employment information (name, dates of employment, date of birth and contact information) will be held with HR securely and not destroyed post-employment

Pension data – Never destroyed

Recruitment data – Applicant’s information will be held electronically for a period of six months

Recruitment agencies – We do not accept unsolicited CVs or applicant information from recruitment agencies and these are immediately deleted