R&I spotlight on data protection [Archived]
Produced in partnership with Francesca Fellowes, Emma Garner and Helen Kavanagh of Squire Patton Boggs
R&I spotlight on data protection [Archived]

The following Restructuring & Insolvency guidance note Produced in partnership with Francesca Fellowes, Emma Garner and Helen Kavanagh of Squire Patton Boggs provides comprehensive and up to date legal information covering:

  • R&I spotlight on data protection [Archived]
  • What are the main laws and regulations governing this area?
  • Why is it relevant to insolvency practitioners? In particular, in what circumstances may liquidators or trustees in bankruptcy become data controllers?
  • Could you give some examples of the type of insolvency situations where data protection issues arise?
  • Should selling data be treated differently from the sale of other types of asset in the estate?
  • How long should personal data be retained by insolvency practitioners and at what point can this be destroyed?
  • Is there a tension between the costs of compliance with data protection laws and the obligations to not deplete the funds available for distribution in an insolvency situation?
  • What steps can insolvency practitioners take to protect themselves from liability?
  • The General Data Protection Regulation
  • What are the take away points?

ARCHIVED: This archived Practice Note provides information on the data protection regime before 25 May 2018 and reflects the position under the Data Protection Act 1998 (DPA 1998). This Practice Note is for background information only and is not maintained.

What are the main laws and regulations governing this area?

The Data Protection Act 1998 (DPA 1998) regulates the use of personal data.

Personal data is data that relates to a living individual who can be identified from that data, or from that data and other information, which is in the possession of, or is likely to come into the possession of, a data controller. It includes, but is not limited to, any expression of opinion about the individual and any indication of the intentions of a data controller or any other person in respect of the individual.

Examples of personal data which an insolvency practitioner dealing with the assets of an insolvent company may come across include employee records held by the insolvent company, customer lists, supplier contact information and individual creditor details.

In relation to insolvency practitioners’ own practice, personal data processed will include records relating to the directors of the companies in respect of which they are appointed, lists of debtors, list of creditors and the dividend distribution to the creditors.

Data protection principles

The DPA 1998 is based around the following eight