An independent investigation into Bristol City Council's monitoring of the social media accounts of parents and carers of children with special educational needs and disabilities (SEND) has criticised the council's practice of deleting former employees' email accounts on departure, warning that it risks creating serious information gaps that are "particularly problematic" for a public authority.
The report, commissioned by the council and completed by Aileen McColgan KC of 11 KBW, found that there was no evidence of any “widespread, routine or systematic” surveillance of individuals’ social media accounts by council staff or a breach of the Article 8 of the Human Rights Act. (see Independent investigation clears council of unlawful surveillance of SEND parents). However in her formal recommendations, McColgan states that her investigation was "made more difficult by BCC's practice of deleting the email accounts of staff when they leave.”
“In my view this approach risks significant information gaps which are particularly problematic given BCC's nature as a public authority. I recommend that consideration be given to encouraging staff to retain any personal correspondence in an identifiable folder which can be deleted on their departure while retaining all work-related matters for a suitable period after their departure."
McColgan did not identify specific evidential gaps caused by the deletions and the report made clear she was ultimately satisfied that she had been provided with sufficient material to conduct the investigation properly. She did not specify a retention period or explicitly reference the statutory framework.
As a local authority, Bristol City Council is subject to a range of statutory and regulatory obligations relevant to the retention of business records. The Public Records Act 1958 and the Local Government Act 1972, together with the Local Authorities (Executive Arrangements) (Meetings and Access to Information) (England) Regulations 2012, establish frameworks for the creation and preservation of records of public business. Work-related email correspondence generated by council officers in the performance of their functions constitutes a public record for these purposes.
The council is also subject to the Freedom of Information Act 2000, which imposes obligations to hold and disclose recorded information held at the time a request is received. The deletion of former employees' email accounts creates an obvious risk that information disclosable under FOIA is destroyed before requests are received.
The same risk arises under the Environmental Information Regulations 2004 and subject access requests under the UK General Data Protection Regulation, where individuals may have a right to correspondence that concerns them.
The Information Commissioner's Office has said in its FOIA guidance that public authorities must have records management policies that ensure business information is retained for appropriate periods, and that the routine destruction of records without assessment of their ongoing value or relevance is not compatible with FOIA compliance.

