The new General Data Protection Regulation that has come into UK law sees updates to the rules that concern the collection, storage, usage, and destruction of personal and sensitive information. Companies and individuals working in the legal sector produce large amounts of documentation on various topics surrounding their cases and respective clients. This means that those working in the legal sector need to be up-to-date about the regulations surrounding the retention and destruction of the information they may gather for their needs. In this article, we go over the things you need to know about document retention and destruction in the legal sector.
Document Specifics
In the legal sector, different document types have different retention and destruction triggers attached to them. Specific legal sectors have varying triggers, but even documents within a specific legal sector may have different triggers or actions. For example, in stakeholder engagement, both engagements with significant stakeholders and information requests have the same retention trigger (last action) but have different actions from this trigger. Documentation of engagement with significant stakeholders should be retained for three years and then reviewed. On the other hand, information requests should be retained for 2 years and then destroyed. For the full list on the specifics of document retention and destruction, go to the Information Commissioner’s Office’s website.
Secure Retention & Destruction
Another aspect of the General Data Protection Regulation is that all information that has been collected should be retained and destroyed securely in an appropriate manner. All physical and virtual documentation should be kept in locked storage, whether that be a safe or a secure cloud system. Limited access should be given so that only those necessary can access the private information held within.
Documentation on a computer is fairly easy to destroy and the risk of access is negligible once destroyed. However, physical documentation that is not disposed of properly can fall into the wrong hands and cause lasting damage. Paper documents should be shredded so that once they enter the waste system they still cannot be accessed. Paper shredding should be the practice of every business, with most employing professional shredding service providers to effectively deal with their confidential waste. This is especially important for those in the legal sector, where the majority of paper documents produced have information on them that are considered sensitive under the General Data Protection Regulation.
With this knowledge in hand, you can now navigate the world of data protection in the correct manner. Not only will this mean you are complying with the law, but it also means that you are protecting your clients, your business, and yourself.