3. Duty of Confidence as a Fiduciary
If there is no contractual arrangement with
beneficiaries and the express terms of the trust are
silent or insufficient to give the trustee the approval
it requires, then quite apart from the fact that a
proposed disclosure of data may be a breach of the
Data Protection Law, the trustee may also be in
breach of its statutory duty to act in the best
interests of its beneficiaries. Beneficiaries might
allege that the sharing of trust information was for
the commercial benefit and convenience of the
trustee and its group (for example, a co-ordinated
client data base for marketing use by the group)
rather than in the interests of the beneficiaries.
It is trite law that a trustee must not profit from its
position as a fiduciary: indeed, any trustee who is
found to have done so by exploiting confidential
trust information, may be held to be a constructive
trustee of any profits made from such exploitation
and will be required to account to its trust for any
such gain. In practice, whether beneficiaries who
have not suffered any financial loss would pursue
such an argument and, if they did, whether it would
be possible to quantify and identify any gain
realised by the trustee, remain open questions.
4. Article 29 of the Trusts (Jersey) Law 1984
Article 29 provides that subject to the terms of the
trust and subject to any order of the Court, a trustee
shall not be required to disclose to any person
which allows the trustee to refuse to disclose
certain information (for example, relating to the
exercise of a particular discretion or power) in
particular circumstances. This appears to conflict
with Article 7 of the Data Protection Law, which
provides that an individual is entitled to be informed
whether personal information of which he or she is
the subject is being processed and, if so, to receive
a description of the information, the purposes for
which it is being processed and the recipients to
whom the information is to be disclosed. This
apparent conflict is dealt with under Article 1 of the
Data Protection (Subject Access Exemptions)
Regulations 2005, which provides that personal
data in respect of a trust are exempt from Article 7
of the Data Protection Law in the case of a trust (i)
the proper law of which is the law of Jersey and, (ii)
where the personal data is information the
withholding of which is authorized by Article 29.
This will not assist with the position of non-Jersey
law trusts.
Conclusion
Clearly, trustees cannot ignore their statutory obligations,
whether under trust, data protection or financial
services legislation. That said, the electronic age in
which we now live means that the sharing of data is a
common feature of modern trust administration and
this aspect of a trustee’s business needs to be managed
with care. Whilst there is a risk that a trustee may
receive complaints from beneficiaries about the sharing
of personal data, the risk of legitimate complaint can be
reduced by trustees observing the following steps:
a. The trustee should satisfy itself that the nature of
any disclosure to be made is reasonable and
proportionate to the actual or perceived benefits to
the beneficiaries.
b. It may be that certain data should be excluded from
any group information-sharing exercise. For example,
any information which relates to trusts where there
is an express prohibition on the trustee sharing data
in the manner proposed or where there is a concern
that the profile of the beneficiaries or the nature of
the trust property make it inappropriate for the
information to be made available across the
trustee's group.
c. The trustee should produce trustee minutes for
each trust to approve the disclosure proposed and
to explain the rationale for the trustee's decision.
d. The trustee should enter into an appropriate data
management agreement with all participating group
companies, to ensure clear terms on which data is
to be held, supplied and used.
e. Information about the use of beneficiary data
should be included in verification forms and/or
acknowledgments of distributions which are sent
to, and preferably completed by, beneficiaries.
f. A provision should be included in standard trust
documentation for a corporate trustrustee to make
disclosure on an intra-group basis.
