Civil Fraud Quarterly Round-Up: Q1 2021
Is the proposed six-year cut-off date for the deletion of data the correct way to approach the right to be forgotten, asks Mary Young.
Google users will have noticed the message at the foot of each results page that 'some results may have been removed under data protection law in Europe'. This is the consequence of the ruling by the Court of Justice of the European Union in May 2014 in a case dealing with a privacy issue known as 'the right to be forgotten'.
The ruling allows users to ask for the removal of results involving their name which are inadequate, irrelevant, or excessive. The intention behind this ruling is to protect people from damage caused by reliance on outdated or incorrect data.However, this can potentially clash with principles of transparency and open data, which are being championed by the government in its bid to target fraud and corruption and reduce irresponsible corporate behaviour.
Companies House appears to have found itself in the middle of such a clash. According to its chairman and chief executive, the agency has received 2,151 complaints about the availability of data online (Companies House 2015/16 report).
The complaints, it appears, relate to the retention of records linking individuals with dissolved companies or failed ventures, the reputational damage that can cause, and whether that retention of records is consistent with data protection law. As a result, Companies House will be looking at how data relating to dissolved companies is handled, particularly where it comprises personal data.
Formal proposals do not yet appear to have been made, but according to the Times (2 August 2016), what is being considered is the disposal of all records for companies which went out of business more than six years previously. Currently, records of dissolved companies are retained by Companies House for 20 years. A spokesman at the Department for Business, Energy and Industrial Strategy (to which Companies House reports) was quoted saying that any proposed changes will be the subject of a public consultation.
The fifth data protection principle (paragraph 5 of schedule 1 of the Data Protection Act 1998) states that personal data processed for any purpose shall not be kept for longer than is necessary for that purpose. Any challenge to Companies House's data retention policy is therefore likely to be based on questions relating to the purpose of the initial collection of data and whether ongoing retention is necessary, particularly in circumstances in which a company has been dissolved.
A dissolved company is not the same as a failed company. Sometimes companies come to the end of their useful life for one reason or another and are wound up as they are no longer required. As such, a link to a dissolved company is not necessarily a black mark against a person's business acumen. Likewise, directors brought in to try to turn around the fortunes of a failing company are not always successful: some companies end up in insolvency and eventually dissolution. That doesn't mean that the directors have been up to anything untoward.
Nevertheless, histories of consecutive insolvencies, phoenix companies which then fail in similar circumstances, or repeat patterns of unpaid debts owed to HMRC can all be helpful indicators of a wider problem with a director. This sort of information can be invaluable for due diligence purposes and in respect of investigations into directors' disqualification proceedings.
If data is no longer available on a Companies House service, the likelihood is that private companies will start to collect the data in order to provide the same service at a premium, making proper due diligence a more onerous and expensive process, which might deter smaller organisations from completing thorough checks before choosing who to go into business with. This can only benefit the unscrupulous.
Given the number of records held by Companies House (the 2015/16 annual report refers to 9,665,130 accepted transactions registered in that year alone), 2,151 does not seem to be an enormous number of complaints to be received in the course of a year. If data is incorrect, it should rightly be removed or amended, and Companies House has a process for this. However, it would surely make more sense to consider complaints on a case-by-case basis, applying data protection law to determine whether retention is necessary, instead of imposing a unilateral and arbitrary cut-off date after which all records are deleted.
Directors and shareholders are protected from personal liability for the debts of the company under the law. As Chris Taggart, the founder of OpenCorporates, the largest open database of companies in the world, says: 'the quid pro quo for that is transparency'.
This article first featured in The Solicitors Journal 7th September 2016
Skip to content Home About Us Insights Services Contact Accessibility