Elena Moiseeva - stock.adobe.com

How legal disclosure failures disrupted the Post Office Horizon inquiry

From overly narrow search terms, overzealous deduplication of documents and failed email migrations, poor management of legal discovery has delayed justice for postmasters in the Horizon inquiry  

The ongoing hearings in the UK Post Office’s Horizon software scandal drilled down into an area rarely addressed in detail by the courts or inquiries – the topic of legal disclosure of documents and evidence.

With the ITV drama, Mr Bates vs The Post Office, and an accompanying documentary bringing home the real human cost of the scandal there have been renewed calls for prosecutions and the Met Police are now formally investigating potential fraud on the part of the Post Office.

Attending the hearing on 12 January I had the honour of talking with some of the subpostmasters affected. Clearly jaded by the long-running inquiry, there was an obvious air of anxiety and frustration at the topic of legal disclosure.

Early on in proceedings on 12 January 2024, Jason Beer KC, counsel to the inquiry jokingly referred to the topic of disclosure as “super dry”. However, at the outset, he rightly asserted that “the disclosure of documents is the lifeblood of the inquiry and is required for a proper examination of the issues”.

The concept of Disclosure (or, in the US, Discovery) is the process by which parties to a legal matter provide the evidence they deem relevant to the issue at hand. Of course, when we tack an “e” in front to create eDisclosure, we mean “electronic disclosure” (or “eDiscovery”).

eDiscovery has for many years widened its reach outside of the world of litigation as legal disclosures of data can take many forms: from criminal and fraud matters to regulatory investigations. The nature and scope may be different, but all require a thorough understanding of the defensibility of the software, policies and procedures used to preserve, locate, review, and produce the data.

Disclosure failures

On 5 September 2023, the Post Office Ltd (the Post Office) was held to have engaged in “grossly unsatisfactory” disclosure failures during the inquiry into the Horizon IT system. The inquiry found that the Post Office had failed to disclose relevant documents to it, and that these failures were primarily the result of “process failures” at KPMG and Herbert Smith Freehills. However, the Post Office denied that there had been any deliberate decision to withhold documents.

The inquiry is rightly asking probing questions, a central issue being the questionable process of disclosure of evidence deployed in each of the individual criminal prosecutions of Post Masters that are being examined. With that context in mind, one would think that great care and attention would be taken by the Post Office and its legal advisers with the process of disclosure to the inquiry itself

In the recent hearing on disclosure issues, Chris Jackson of Burgess Salmon LLP (the Recognised Legal Representative of the Post Office, along with FieldFisher LLP) was called to update the inquiry on its progress with remediating the issues.

The testimony – at which I was present – and his witness statement go some way to unravelling a tangled web of historical information governance and evidence management issues, some three years into the Inquiry.

At a high level, the disclosure issues experienced by the inquiry to date highlight four key factors, all of which contributed to significant delays, relevant documentation being missed or incorrectly excluded and the over-production of many duplicative documents.

Search terms

The Post Office used overly narrow search terms when searching for documents. In one example given, they searched for the word “policy”, which would have excluded documents that referred to the term “policies”. To consider variations of words and phrases is a key skill within the eDiscovery so either the instructions were considered too precisely without the application of critical thinking, or other variations were considered and – in an effort to cut costs or meet deadlines – the narrower definition was used.

In his testimony, Chris Jackson sought to explain that search terms are revised to strike a balance between reasonableness and accuracy: “It’s not about reducing the number of documents; it’s about ensuring that the material that the other party or the court/tribunal/inquiry requires is obtained in the timeframe that is needed.”

Document families and deduplication

Since the days of trawling through paper files, consideration has always been given to how documents are related. For example, a bulldog clip, or a plastic wallet, would mark a delineation of some kind, adding some context to documents grouped together. In the digital age, such relationships still exist. Documents reside in a labelled folder or zip file, are attached to a chat message or email, or embedded within another document.

The Post Office – at least in parts of their review – ignored this relationship. This can bring about efficiencies in the review of hundreds of thousands of documents, because if two different emails exist with the same attachment, it might make sense to review the attachment only once. This approach works when only considering the “four corners” of a document on its own.

Unfortunately, in this and many other litigations and investigations, context is often king. By focusing only on individual documents that had one of the search terms, and suppressing duplicates of that document, emails with a different context would be excluded (unless they also had the search term present).


• Also watch: ITV’s Post Office scandal documentary: The real story.

• Also read: What you need to know about the Horizon scandal.


Further, each reviewer of documents wasn’t given explicit instruction to consider the family of a document in every case, so although they were able to refer to the family of a document, they only did so on a subjective basis.

In the recent hearing on 12 January, further issues around deduplication have come to light. A key issue raised was the delay to the testimony of Stephen Bradshaw, a Post Office Investigator. Originally scheduled for 4 November, his testimony was postponed due to late-emerging documents. A flurry of communication around incomplete and duplicative disclosures, culminating in an unexpected release of 942 documents shortly before his rescheduled appearance on 10 January. However, the testimony proceeded regardless to avoid any further delay.

It then transpired, through the flurry of chaotic communications, that many of these documents were, in fact, duplicated.

This is a situation I have witnessed many times in disclosure. Often, the idea of what is a “duplicate” varies between the technical “the bits and bytes match” through to the legal “these documents say the same thing”, and a whole spectrum between.

Such definitions should be decided at the outset and a common understanding established across legal teams and advisers to avoid challenges and confusion in later stages. On this occasion, one of many, it appears that data collected and processed by historical advisers was discovered to be in a format incompatible with the deduplication processes being applied. 

The ‘Microsoft Exchange issue’

A sole system, Mimecast, was relied upon to contain the universe of emails that was to be searched – however, it transpired that the email migration to that system in 2016 was flawed. This resulted in at least 363,000 emails (not including the attachments) that were not considered for searching or review. In considering the context given in this case, there was a broad assumption that a single journaling system was the “source of truth” and no objective assessment of that assumption was carried out.

The identification of these emails came about primarily through a Freedom of Information Act request, which meant that any prior disclosure statements from previous legal representatives in the Group Litigation, Criminal Cases Review Commission, Court of Appeal and the inquiry itself, had been working on the same untested assumption.

Any statement made to the court should be treated with seriousness and it appears that until the involvement of Burges Salmon, no holistic attempt had been made to map the data landscape of the Post Office.

Pressing on the topic, Jason Beer KC said: “It’s common sense that you do that at the beginning of the disclosure exercise, not three years into it after the inquiry has already heard from nearly 200 witnesses?” Chris Jackson confirmed that: “At the start, yes, you do need to find out what’s there and you talk to the IT staff and you try to build up the best picture that you can as to what is where, yes.”

It’s unfortunate that, although work was done to understand the data, it doesn’t seem that assumptions were tested by previous legal representatives and one can hope that the approach of Burgess Salmon and Fieldfisher, using the Electronic Discovery Reference Model as a guiding principle, and attempting to “reset” some of the work previously done, might also test any other assumptions to help put minds at ease.

The issues could appear as unintended blunders brought about by poor communication on complex topics. Unfortunately, when coupled with the broader investigation and inquiry, one in which disclosure is being considered as a key element in the unjust treatment of subpostmasters in the prosecutions that took place, it is easy to see why one might draw negative inferences about the Post Office’s motives, particularly considering the profound human impact of the Horizon scandal.

Disclosure failures have damaged trust

These disclosure failures have had a serious impact on the inquiry. They have delayed the inquiry’s progress (including rescheduling happening as late as December 2023), inconvenienced witnesses, increased costs, and made it more difficult for the inquiry team to reach conclusions. The failings have inevitably damaged the public's trust in the inquiry.

In litigation and investigations, there is, of course, an implicit level of trust engendered by the professional legal representation appointed. In-house and outside counsel will naturally seek to ensure that the evidence is appropriately examined and disclosed, regardless of whether it harms, or has the potential to harm, their case.

In addition, it is likely that other parties may already have access to the same evidence, having been a recipient during the ordinary course of business. It is illegal to hide anything, and therefore we can – typically – be certain that the available evidence is being considered appropriately and that truth will prevail.

In the case of Horizon, which is such a public and emotive matter, the inquiry disclosure process was managed by the top advisors. These firms have a vast amount of experience in managing such matters. With such reputations at stake, combined with the way in which the Post Office conducted its disclosure in the individual prosecutions – accusations of a deliberate cover-up are credible because, in the public eye, perception is everything.

However, in my experience, very few businesses are prepared adequately to conduct such an exercise. Regardless of the intent of professional legal representation and advisors, if they are not able to demonstrate clear control of the process of disclosure or consider all the relevant evidence - whether through missing data, poor communication, or a badly designed process – then the trust in any such process is lost. 

The recurring pitfalls of e-discovery

In my view, the e-discovery issued raised by the Post Office inquiry are symptomatic of issues I have witnessed repeatedly in every one of my 22 years in the industry of eDiscovery:

  1. Lack of leadership and accountability: Who handles decision-making when it comes to eDiscovery/disclosure? Often, I see law firm partners and vendor management pass the baton to their less experienced associates and project managers, trusting a process that they hope exists, but often does not. Nobody is appointed with overall control of the in-house IT, in-house counsel, outside counsel, eDiscovery vendors and consultants. All have a valuable contribution to make, but who is leading?
  2. Communication: As with any business problem, it typically always boils down to poor communication. More “professional curiosity” is needed to assure the implemented process. In the case of Horizon, decisions with a high level of risk were being made without the joint consultation between the Post Office and its suppliers of legal services.
  3. Inadequate knowledge of the data landscape: Any company, large or small, ought to have an exact record of the data it holds, where it is, and what the retention policies are. The Horizon inquiry is yet another example of an organisation that simply does not know in sufficient and historic detail what data it holds, despite having high-level policies and assessments in place.

Should disclosure be independently audited?

Underpinning conversations with the subpostmasters present at the hearing, was a sense of credulity, questioning why such a complex process to discover and manage evidence - in a matter where the obstruction of evidence is a central question – was not independent of the Post Office and its advisers, or at least independently audited.

The issues seen with evidence to the inquiry to date do not do much to instil a sense of confidence in the arrangements, but the reassurances from Chris Jackson and Burgess Salmon/Fieldfisher do at least go some way to putting the process onto a more stable footing, albeit with some ambiguity around the timings and approach to resolve some of the complex issues.

It remains to be seen what the concluding commentary on disclosure to the inquiry will look like, or indeed if further disclosure issues will come to light. With new advisers appointed with fresh eyes on the huge corpus of data, there are questions still to be answered there are likely to be continuing consequences for the Post Office, both financially and reputationally

The full extent of the human cost of the Post Office scandal is still being felt, with continued calls for accountability and prosecution of those responsible it is likely that the Horizon scandal will continue to unfold for many years to come. 


Martin Nikel is an acknowledged expert in e-discovery. He heads Thomas Murray’s Cyber Risk Advisory eDiscovery and Litigation support practice.

Read more on Regulatory compliance and standard requirements

CIO
Security
Networking
Data Center
Data Management
Close