I feel sorry for the poor bloke in IT at British Cycling, he is has a job on his hands. HR have tapped him on the shoulder and asked for some information. They are in the middle of a very public HR conversation with a former employee called Jess Varnish. Jess wants to know a lot of information about herself. The dates in question are 2011 to 2016. Here is the list:

  • Performance data and other records relating to training and competition
  • Any emails and other documents in which she was referred to
  • A copy of personal records held on or about her
  • The investigation and report between Jess Varnish and Shane Sutton
  • Text Messages to or from Shane Sutton, Iain Dyer, Justin Grace and Jan van Eijden
  • All medical records

Certain stuff in here should be easy, medical records, performance data, payroll data, insurance details etc. In this scenario it is structured data, you know where to look for it, copy and paste it, sorted.

The investigation report is a recent document. So easy to get hold of all the evidence. Compile it, send it over.

Text messages. Good luck. Those people will have changed phones in that time period. Messaging applications, text, iMessage, Whatsapp, Facebook etc. These are a real grey area. To be honest here I do not know the law. I would suspect it is down to who owns the device. This is a great reason for IT departments to encourage BYOD, then this is not their problem It would then not be corporate data.

With data residing in multiple pleases, SAN, databases, cloud, end points, back ups. This is not a simple task. I wonder how many organisations have tried to do this and totally failed. I imagine Jess will get a lot of replies along the lines of “sorry this data has been deleted”.