domingo, 8 de marzo de 2009

Trustees and Data Protection (2)


3. Duty of Confidence as a Fiduciary
If there is no contractual arrangement with
beneficiaries and the express terms of the trust are
silent or insufficient to give the trustee the approval
it requires, then quite apart from the fact that a
proposed disclosure of data may be a breach of the
Data Protection Law, the trustee may also be in
breach of its statutory duty to act in the best
interests of its beneficiaries. Beneficiaries might
allege that the sharing of trust information was for
the commercial benefit and convenience of the
trustee and its group (for example, a co-ordinated
client data base for marketing use by the group)
rather than in the interests of the beneficiaries.
It is trite law that a trustee must not profit from its
position as a fiduciary: indeed, any trustee who is
found to have done so by exploiting confidential
trust information, may be held to be a constructive
trustee of any profits made from such exploitation
and will be required to account to its trust for any
such gain. In practice, whether beneficiaries who
have not suffered any financial loss would pursue
such an argument and, if they did, whether it would
be possible to quantify and identify any gain
realised by the trustee, remain open questions.

4. Article 29 of the Trusts (Jersey) Law 1984
Article 29 provides that subject to the terms of the
trust and subject to any order of the Court, a trustee
shall not be required to disclose to any person
which allows the trustee to refuse to disclose
certain information (for example, relating to the
exercise of a particular discretion or power) in
particular circumstances. This appears to conflict
with Article 7 of the Data Protection Law, which
provides that an individual is entitled to be informed
whether personal information of which he or she is
the subject is being processed and, if so, to receive
a description of the information, the purposes for
which it is being processed and the recipients to
whom the information is to be disclosed. This
apparent conflict is dealt with under Article 1 of the
Data Protection (Subject Access Exemptions)
Regulations 2005, which provides that personal
data in respect of a trust are exempt from Article 7
of the Data Protection Law in the case of a trust (i)
the proper law of which is the law of Jersey and, (ii)
where the personal data is information the
withholding of which is authorized by Article 29.
This will not assist with the position of non-Jersey
law trusts.

Conclusion
Clearly, trustees cannot ignore their statutory obligations,
whether under trust, data protection or financial
services legislation. That said, the electronic age in
which we now live means that the sharing of data is a
common feature of modern trust administration and
this aspect of a trustee’s business needs to be managed
with care. Whilst there is a risk that a trustee may
receive complaints from beneficiaries about the sharing
of personal data, the risk of legitimate complaint can be
reduced by trustees observing the following steps:
a. The trustee should satisfy itself that the nature of
any disclosure to be made is reasonable and
proportionate to the actual or perceived benefits to
the beneficiaries.
b. It may be that certain data should be excluded from
any group information-sharing exercise. For example,
any information which relates to trusts where there
is an express prohibition on the trustee sharing data
in the manner proposed or where there is a concern
that the profile of the beneficiaries or the nature of
the trust property make it inappropriate for the
information to be made available across the
trustee's group.
c. The trustee should produce trustee minutes for
each trust to approve the disclosure proposed and
to explain the rationale for the trustee's decision.
d. The trustee should enter into an appropriate data
management agreement with all participating group
companies, to ensure clear terms on which data is
to be held, supplied and used.
e. Information about the use of beneficiary data
should be included in verification forms and/or
acknowledgments of distributions which are sent
to, and preferably completed by, beneficiaries.
f. A provision should be included in standard trust
documentation for a corporate trustrustee to make
disclosure on an intra-group basis.

domingo, 8 de febrero de 2009

Data protection and Trustees (1)

March 2007


Duties of Confidence
Corporate trustees who are part of a wider group of
companies may wish to disclose or share confidential
trust information with other members of their group, for
purposes such as system integration and streamlining,
reduction of costs, and the provision of co-ordinated
and comprehensive services. This gives rise to an
issue because all trustees owe a duty of confidence to
their beneficiaries, which usually arises in at least one
of three ways:
• under contract;
• by virtue of an express provision contained in the
terms of a trust;
• by virtue of the principle that a trustee, as a
fiduciary, is required to keep information which it
receives in its capacity as trustee confidential, and
only to disclose it where to do so is in accordance
with the terms of the trust and/or such disclosure is
considered by the trustee to be in the best interests
of the beneficiaries.
1. Contract
The terms and conditions of corporate trustees who
are part of a group will often permit the sharing of
client data held by each part of the group, subject
to certain requirements for example, to ensure that
any person who is authorised to have access to
such data must protect and maintain the confidentiality
and security of the information disclosed. Such terms
are however generally contained in documentation
entered into between the trustee and the settlor and
not between a trustee and the non-settlor beneficiaries.
Even if the settlor has approved the intra-group
disclosure of information by the trustee, there is no
such approval by the beneficiaries, and the trustee
does not have contractual protection in relation to
any complaint made by a beneficiary.
2. Express Terms of a Trust
The terms of a settlement may expressly permit
disclosure of information to such persons as the
trustee from time to time considers appropriate
and, if so, the trustee has the power to make such
disclosure without the need for express beneficiary
approval although it must still exercise such power
in the best interests of the beneficiaries.

A trust instrument may, on the other hand,
expressly prohibit the trustee from disclosing
information about the trust and its beneficiaries to
any other party, including related companies. Most
trust instruments are unlikely to be so prescriptive
but before making disclosure, a trustee should
check whether such a provision is included.
Whilst no financial loss to the trust may arise from a
trustee's decision to share information in a manner
which is contrary to the terms of the trust, which
means that any claim by the beneficiaries is unlikely
to succeed, regard must be had to the view of the
regulator, if complaints are made by beneficiaries
about the trustee's conduct.
In broad terms, the Data Protection (Jersey) Law
2005 (the "Data Protection Law") requires a data
subject (in the case of a trust, the beneficiary whose
personal data is held by the trustee) to consent to
any proposed processing of his or her personal
data. "Processing" is defined by the Data
Protection Law and includes obtaining, recording
and holding information or data. The question is,
would the express terms of a trust impliedly provide
the required consent to the processing of a
beneficiary's data?
Know your client requirements mean that trustees
now obtain, hold and process far more personal
data about beneficiaries than they were required to
in the past. Such data is often personal in
nature and needs to be processed in accordance
with the Data Protection Law and the eight data
protection principles enshrined in that legislation.
The principles originate from the European Data
Protection Directive and are therefore similar to
data protection requirements in the UK and
Guernsey: such principles include a requirement
for a data controller, which would include all trust
companies in Jersey, to process personal data only
for those purposes for which it was collected and
to guard against the unlawful processing of such
data. This means that a beneficiary should consent
to any proposed sharing of his or her personal data,
and a trustee should consider (a) whether the
express terms of a trust are sufficient to provide
such consent or (b) whether the beneficiary has
otherwise consented to the sharing of his or her
data. If not, then at the very least additional steps
will need to be taken by the trustee to make the
beneficiaries aware of the nature of the data
processing taking place.

domingo, 11 de enero de 2009

Deslocalización (2): servicios que pueden deslocalizarse


En la anterior pagina web se mencionan los "Servicios que pueden deslocalizarse"

Le indicamos algunos de los servicios que pueden deslocalizarse, pero Ud. como conocedor de su negocio o actividad profesional, probablemente puede ver las ventajas de contratar “fuera” algún otro:

Mantenimiento de sistemas de la información.
Servicios de atención al cliente.
Centros de llamadas telefónicas, call centers.
Servicios de análisis.
Desarrollo y mantenimiento de servicios informáticos.
Desarrollo de programas informáticos.
Diseño técnico.
Diseño gráfico.
Investigación y desarrollo.
Servicios de ingeniería y arquitectura.
Sistemas de información.
Ingeniería de sistemas.
Servicios ISP (Internet Service Provider).
Desarrollo y mantenimiento de páginas web.
Delineación.
Digitalización de documentos, planos, catalogos, formularios, publicaciones, listas de precios, en formato digital o de internet.
Entradas de datos.
Recopilación de información.
Etc.