POL00041481
POL00041481
20 September 2017 Bond Dickinson LLP
Oceana House
39-49 Commercial Road
‘Southampton
S015 1GA
For the Attention of Mr J Hartley
Tel: 0345 415 0000
Freeths LLP Fax: 0345 415 8200
Floor 3 DX: 38517 Southampton 3
100 Wellington Street andrew.narsansi@
Leeds Direct: ___GI
LS1 4LT
Our ref:
- AP6/AP6/364065.1369
By email only Your ref:
IFR/1803/212876/1/ER
Email: james.hartley@
Dear Sirs
The Post Office Group Litigation
Preservation of Horizon data
We refer to your letter of 13 September 2017 in relation to Mr Dean and Dean & Smedley Ltd and letters
of 24 August 2017 and 15 September 2016 in relation to Mr Holt, all of which touch on the issue of
preserving Horizon data.
We write now to provide more information about the data that is stored by Horizon and to make a
proposal for the preservation of certain very limited residual categories of data that may or may not be
relevant to this litigation. It has been difficult to formulate this proposal because your correspondence on
this topic has been unduly aggressive, prone to ever-changing demands and lacking any reasoned
justification. Nevertheless we hope the proposal below should avoid further correspondence on this
topic.
1. Preservation of transaction and event data
1.1 Transaction data is the line by line record of each transaction processed in a branch [Fu to
confirm — does it include anything else?]. In Horizon Online (ie. since 2010) this data is input on
terminals in a branch, transmitted across the internet and stored in central data centres.
Transaction data is not stored on a local terminal.
1.2 The same situation applies to event data. Event data records events on Horizon such as logging
on and off, [FJ — please could you provide some further examples of what event data would
record?].
1.3 Transaction and event data was regularly disclosed to Second Sight during the Mediation
Scheme and so they may be able to provide you with more information on the nature of this data.
1.4 We note that, as with any IT system, there may be residual pieces of data stored within the local
terminal as a result of that terminal processing a transaction or undertaking some other function.
We do not consider this data relevant given the master record of events and transactions is kept
in the data centres.
1.5 Transaction and event data is held in the central data centres for a period of seven years. After 7
years, the data is usually deleted at regular intervals. In October 2014, as part of the mediation
scheme, Post Office instructed Fujitsu to stop deleting transaction and event data. We
Bond Dickinson LLP is a limited liability partnership registered in England and Wales under number 0C317661. VAT registration number is
GB123393627. Registered office: 4 More London Riverside, London, SE1 2AU, where a list of members’ names is open to inspection. We use the
term partner to refer to a member of the LLP, or an employee or consultant who is of equivalent standing, Bond Dickinson LLP is authorised and
regulated by the Solicitors Regulation Authority.
4A_36921044_2
POL00041481
POL00041481
understand that Fujitsu currently holds transaction and event data for all branches dating back to
October 2007. [FJ to confirm]
1.6 The Post Office network processes over 1 billion transactions a year so it is a significant
investment on Post Office's part to preserve all this information. Post Office will keep under
review whether it is required to preserve this data for the purposes of the Group Action, but
confirms that it has instructed Fujitsu not to delete this data before October 2018, at which point
the issue will be reconsidered. Our client has no reason to believe that Fujitsu will not follow this
instruction.
1.7 Transaction and event data is the cornerstone of branch accounting. It is this data that is used to
generate the branch accounts in which shortfalls and surpluses will be shown. This is the most
important data to preserve and Post Office has been doing so long before this litigation began. In
comparison, the other categories of data discussed below are of significantly less usefulness and
in most cases will not be relevant at all.
2. Data stored on terminals
24 We understand from our discussions with Fujitsu that there are a number of logs held on the
terminals and not stored in the data centre. The two which may be relevant to the Group Action
are:
2.4.1 The "postofficecounterlog" which contains data concerning interactions between the
terminal and the PINpad, rateboard and printer; information messages from the
Counter Business Application (e.g identifying button presses and messages which
appear on the terminal screen); and the building of reference data for use by the
Horizon application.
2.1.2 The messagelog which contains information about messages sent from the counter to
the data centre and the responses received from the data centre.
[Any other logs within the Horizon application?]
2.2 There are other logs on the terminal, such as a log which shows how much memory is in use and
logs which relate to the windows operating system. However, we cannot see that these would be
relevant to matters in the Group Action (particularly given the very vague pleadings provided so
far about your concerns with Horizon). Logs which relate to the operating system are part of
nearly all IT systems and your IT expert should be in a position to advise you on the nature of
these.
[Any other logs that are not part of Horizon?)
[Any other data on the terminals?]
2.3 The postofficecounterlog and messagelog (the Logs) are used by Fujitsu for diagnostic
purposes. For example, when a postmaster reports a technical issue to the Horizon Service
Desk (HSD) it may be appropriate to use these logs to investigate the operation of Horizon ina
particular branch. The Horizon system does not use the contents of the Logs for the purposes of
branch accounting. The Logs are held on the terminal for a period of 30 days, following which
they are overwritten. Fujitsu can extract the Logs from a terminal through a manual process
which takes approximately two hours.
24 The Logs are only relevant in limited situations where a postmaster alleges a technical issue and
other efforts at solving that issue (eg. eliminating user error) have not been successful. If your
clients had raised an issue in real time, then it would have been possible to investigate the Logs
as necessary. This is however dependant on your clients raising issues promptly and, in this
regard, we note that a number of your clients chose to conceal issues rather than escalate them.
4A_36921044_2 2
POL00041481
POL00041481
3. Preservation of Logs
3.1 To extract the Logs for all Claimants who are live postmasters (approx. 143) would take around
286 hours every month. Extracting the data in such a manner would be unreasonable and
disproportionate especially in circumstances where the data may not even be relevant as there
may have been no issue in the last 30 days that requires investigation.
3.2 We therefore propose a procedure by which relevant Logs can be preserved:
3.2.1 Where a Claimant who is a current postmaster believes they have experienced a
technical issue with Horizon, they should follow the normal process of informing the
NBSC and/or HSD helplines as appropriate.
3.2.2 The NBSC and HSD will then seek to resolve the issue.
3.2.3 Once HSD's enquiries have reached a conclusion, either the issue will have been
resolved to the satisfaction of the Claimant or the Claimant may still have concerns.
3.2.4 In the latter scenario, Freeths may make a written request for the Logs to be
preserved, providing us with:
(a) the date on which the issue arose;
(b) details of the issue;
(c) when the issue was reported to NBSC / HSD and the reference number.
3.2.5 Once this information has been provided then we shall instruct Fujitsu to extract the
Logs and arrange for them to be transferred to you.
3.3 This proposal largely mirrors the existing working practice of Post Office and Fujitsu. However,
given your repeated demands we believe this practice should be placed on a more formal footing
between our clients.
3.4 Please note that this proposal will only work if your requests are reasonable and made in relation
to genuine issues. They also need to be made promptly as it may take up to [2 working days] to
process the request, [although Fujitsu will endeavour to extract the logs as quickly as possible].
3.5 Our client reserves the right to reject unjustified requests if you are making excessive or onerous.
requests or are attempting to simply get access to all the Logs. We therefore ask that you act
constructively in implementing this proposal.
4. Preservation of physical terminals
41 In light of the above, our client does not agree to preserve physical terminals unless you are able
to identify particular reasons to do so in specific cases.
42 For the sake of completeness, in relation to your query on the potential for a loss of data when a
terminal is removed from a branch, Fujitsu have confirmed that they do not expect data to be lost
or compromised as a result of removing a terminal from a branch. However, it should be noted
that the data would be deleted if a terminal is distributed to another branch.
43 We understand that you wish to image the hard drives of Mr Dean's and Mr Holt's terminals. As
recognised in your letter of 10 August 2017 (relating to Mr Dean), imaging the hard drive will
require your expert(s) to access the internal sections of the terminal. You are therefore aware of
the disruption / damage which could be caused by such imaging. We trust that the above
proposal in relation to the preservation of Logs assures you that there is no need for the terminals
to be imaged.
44 We look forward to receiving any comments which you may have on the above proposal.
4A_36921044_2 3
POL00041481
POL00041481
Yours faithfully
Bond Dickinson LLP
4A_36921044_2 4