Data protection and Trustees (1)

March 2007


Duties of Confidence
Corporate trustees who are part of a wider group of
companies may wish to disclose or share confidential
trust information with other members of their group, for
purposes such as system integration and streamlining,
reduction of costs, and the provision of co-ordinated
and comprehensive services. This gives rise to an
issue because all trustees owe a duty of confidence to
their beneficiaries, which usually arises in at least one
of three ways:
• under contract;
• by virtue of an express provision contained in the
terms of a trust;
• by virtue of the principle that a trustee, as a
fiduciary, is required to keep information which it
receives in its capacity as trustee confidential, and
only to disclose it where to do so is in accordance
with the terms of the trust and/or such disclosure is
considered by the trustee to be in the best interests
of the beneficiaries.
1. Contract
The terms and conditions of corporate trustees who
are part of a group will often permit the sharing of
client data held by each part of the group, subject
to certain requirements for example, to ensure that
any person who is authorised to have access to
such data must protect and maintain the confidentiality
and security of the information disclosed. Such terms
are however generally contained in documentation
entered into between the trustee and the settlor and
not between a trustee and the non-settlor beneficiaries.
Even if the settlor has approved the intra-group
disclosure of information by the trustee, there is no
such approval by the beneficiaries, and the trustee
does not have contractual protection in relation to
any complaint made by a beneficiary.
2. Express Terms of a Trust
The terms of a settlement may expressly permit
disclosure of information to such persons as the
trustee from time to time considers appropriate
and, if so, the trustee has the power to make such
disclosure without the need for express beneficiary
approval although it must still exercise such power
in the best interests of the beneficiaries.

A trust instrument may, on the other hand,
expressly prohibit the trustee from disclosing
information about the trust and its beneficiaries to
any other party, including related companies. Most
trust instruments are unlikely to be so prescriptive
but before making disclosure, a trustee should
check whether such a provision is included.
Whilst no financial loss to the trust may arise from a
trustee's decision to share information in a manner
which is contrary to the terms of the trust, which
means that any claim by the beneficiaries is unlikely
to succeed, regard must be had to the view of the
regulator, if complaints are made by beneficiaries
about the trustee's conduct.
In broad terms, the Data Protection (Jersey) Law
2005 (the "Data Protection Law") requires a data
subject (in the case of a trust, the beneficiary whose
personal data is held by the trustee) to consent to
any proposed processing of his or her personal
data. "Processing" is defined by the Data
Protection Law and includes obtaining, recording
and holding information or data. The question is,
would the express terms of a trust impliedly provide
the required consent to the processing of a
beneficiary's data?
Know your client requirements mean that trustees
now obtain, hold and process far more personal
data about beneficiaries than they were required to
in the past. Such data is often personal in
nature and needs to be processed in accordance
with the Data Protection Law and the eight data
protection principles enshrined in that legislation.
The principles originate from the European Data
Protection Directive and are therefore similar to
data protection requirements in the UK and
Guernsey: such principles include a requirement
for a data controller, which would include all trust
companies in Jersey, to process personal data only
for those purposes for which it was collected and
to guard against the unlawful processing of such
data. This means that a beneficiary should consent
to any proposed sharing of his or her personal data,
and a trustee should consider (a) whether the
express terms of a trust are sufficient to provide
such consent or (b) whether the beneficiary has
otherwise consented to the sharing of his or her
data. If not, then at the very least additional steps
will need to be taken by the trustee to make the
beneficiaries aware of the nature of the data
processing taking place.