Disclosure of documents in litigation often results in discussion between the parties and ultimately settlement of the dispute. It allows parties to build their cases and analyse their respective positions which promotes early settlement of the dispute. Once disclosure of documents has taken place, both parties can make an informed decision on how they will approach the litigation. Of course, the advantages of compulsory disclosure must be balanced against the rules on privilege and confidentiality. An opposing party in a litigation is unlikely to volunteer prejudicial documentation so disclosure is essential. In my experience, it is worth the time and expense obtaining disclosure of specific facts and documents as it often proves pivotal to the outcome of a case.
It is clear that disclosure has significant advantages in promoting early settlement which makes the FCA Review’s failure to address disclosure all the more striking. On the one hand, the FCA is encouraging customers to provide their recollection of the sales process and any written material that they consider relevant to the review of the sale yet on the other hand the banks are not being encouraged (and are under no obligation) to disclose any relevant internal documentation.
It is troubling that the FCA disclosure process is one way as the banks’ internal documentation would be very helpful in assessing whether the banks have complied with their own internal regulatory compliance list. Moreover, many of these swaps were taken out in 2007 and 2008 so borrowers’ recollections of events have faded to a considerable extent in many cases. If borrowers were able to see internal emails sent and documentation then this should refresh their memories of the sales process and enhance the information gathering process.
The banks would no doubt argue that if they had to disclose internal documentation to every borrower in the Review Process who requested it then this would be very costly and extend the time taken to complete the FCA Review. On any view the banks should meet the cost of the disclosure process as but for their mis-selling of interest rate swaps there would be no need for a Review Process (and in any event, if the borrowers’ claims were raised in Court then they would need to provide disclosure).
Furthermore the Financial Ombudsman Service (“FOS”) is able to order disclosure of documents and appears to be the FCA Review’s Appeal Process if borrowers are not satisfied with the FCA Review decision on redress. If the banks are going to be requested to disclose relevant internal documentation either by the FOS (or by Court) then there seems little point in delaying the disclosure process when it could result in redress which is acceptable to borrowers (so no further expense is incurred dealing with FOS or litigation).
Data subject access requests (“DSARs”) are becoming a common disclosure tool in disputes because the Data Protection Act 1998 (“DPA”) allows an individual to find out what information a data controller, such as a bank, holds about them. However borrowers should be aware of the Court’s view in Durant v FSA that a DSAR is not an automatic key to any information where the borrowers are named nor is it for discovery of documents that may assist in litigation.
The information covered by the DPA includes emails, manual data, and data stored on computers like voice files of trade calls and databases. It should be noted that the Information Commissioner’s view is that if data has been deleted but is recoverable by technical means then it must be disclosed in response to a DSAR so the bank should be required to search their hard drives, CDs, emails and word-processing documents.
An individual must make a DSAR in writing and should enclose a cheque for £10 to the bank (data controllers are allowed to charge up to £10 for the admin costs). The bank must comply with the DSAR within 40 days of receipt of the request. While a DSAR can be written in very general terms, we have found that a specific request setting out a list of requested documents is more productive.
It should be borne in mind that there is no obligation on the bank to provide a copy document such as an email. It is the content of the email that amounts to personal data that must be supplied so the bank is allowed to set out the personal data in a new document. The bank will need to be careful when responding to a DSAR as it needs to ensure that the identity of third parties are not disclosed so they may need to redact (delete) names or certain other information.
It is arguable from consideration of the DPA and guidance from the Information Commissioner that a company director or a partner’s information should be personal data if:
1. The company director or partner can be identified from the information.
2. The information has been used by the bank to inform or influence actions or decisions affecting the company director or partner.
3. The information focuses on the company director or partner rather than someone else, a transaction, or event.
4. The information relates to the company director or partner in his or her personal, business or professional life.
5. The information is obviously linked to the company director or partner and provides particular information about him or her.
6. The information has the potential to impact or does in fact impact on the company director or partner in his or her personal, business or professional life.
We have received the following excuses from banks to DSARs we have issued on behalf of clients:
1. The person making the DSAR is acting in the capacity of company director of the borrower so his or her data does not fall within the definition of personal data per s.1 of the DPA.
Where the company director has made comments which represent his or her personal opinion then this is personal data. If views are expressed by the borrower on behalf of third parties (the company) then this will not be personal data. While we acknowledge there will be comments which are made on behalf of the company, it is highly unlikely that not one single comment attributed to the company director is his or her personal opinion. Furthermore, the meeting minutes listing the company director as an attendee should be personal data (but clearly not the whole meeting minutes) yet the bank say nothing they hold is personal data. It is the ‘blanket approach’ by the banks which is giving rise to doubts over the internal documentation held and resulting in complaints to the Information Commissioner.
2. The mandate does not specifically mention the DPA.
Banks have produced information under the DPA without specific mention of the DPA in a mandate so the inconsistency of approach by different banks suggests that this is reluctance on the part of the banks to deal with the DSAR rather than a regulatory requirement.
3. The mandate does not specifically mention the bank to whom the DSAR is being made.
Banks have produced information under DPA without specific mention of the bank in the mandate so the inconsistency of approach by different banks suggests that this is reluctance on the part of the banks to deal with the DSAR rather than a regulatory requirement.
4. The partner of a Scottish partnership is not an identifiable living individual.
Banks have produced information under the DPA so it seems a little odd that other banks have taken the view that a partner is not an identifiable living individual. In our view documentation in which a partner is named and which relates to him or her in a business context is personal data.
5. The data relates to a Scottish partnership and is not significantly biographical in nature in relation to the borrower so the DSAR is invalid.
Banks have produced information under the DPA so it seems a little odd that other banks have taken the view that a partner is not an identifiable living individual. While we acknowledge there will be comments which are made on behalf of the partnership, it is highly unlikely that not one single comment attributed to the partner is his or her personal opinion. Furthermore, the meeting minutes listing the specific partner as an attendee is sufficiently biographical in nature to be personal data (but clearly not the whole meeting minutes) yet the bank say nothing they hold is personal data. It is this ‘blanket approach’ by the banks which is giving rise to doubts over the internal documentation held and is resulting in complaints to the Information Commissioner.
If the DSAR has been rejected by the bank then as a last resort the borrower may consider the following:
1. Complaint to the Information Commissioner
A request can be made to the Information Commissioner asking the Commissioner to decide whether the bank has complied with its legal obligations in handling the DSAR. The Commissioner is empowered to serve a notice on the bank to provide further information if it is deemed appropriate to do so.
2. Application to the Court
An application can be made to the Sheriff Court (in Scotland) or the County Court (in England) alleging that the DPA has been breached and asking for a compliance order. The Court is entitled to inspect relevant information and if it finds against the bank then it may order disclosure of the information to the DSAR applicant.
3. Claim for Damages
A DSAR applicant may be able to claim damages from their bank if he or she is able to show that loss has been sustained. A claim may also be made for any distress suffered.
The bank will need to prove that it has taken reasonable steps in the circumstances to comply with the DSAR.
There are some other options that a borrower may be able to use to obtain disclosure:
If a DSAR applicant's company or partnership is eligible for a FOS Complaint then documentation may be recovered via FOS. The Ombudsman is able to make an order for disclosure of documents in terms of DISP 3.5.11.
If court proceedings have been raised then disclosure of relevant documents by specification of documents in Scotland and the equivalent disclosure process in England.
Another option is to request documents before a court action has been raised. A s.1 order may be granted by a Scottish Court for disclosure of documents that are relevant to a court action which is likely to be raised by a borrower. These actions are relatively rare and this may be in part due to the expense incurred seeking a s.1 order. We understand the English equivalent to a s.1 Order is a search and seize order.
Do you wish to obtain documentation from your bank but are having difficulty obtaining anything? Do you require specific assistance submitting a DSAR? Do you require assistance with the FCA Review, Financial Ombudsman Complaint or raising protective court proceedings? If so, MBM Commercial LLP’s Financial Services & Banking Disputes team may be able to help you. If you wish to discuss your situation with a solicitor then please contact us on 0131 226 8200.