Guidance on the development of a Disposal Program to ensure disposal of information assets is in accordance with an approved current disposal determination and the Disposal Standard.

Relationship to the Information Management Standard

Information can only be destroyed if it is no longer required and in accordance with the State Records Act 1997 (SR Act).

The Information Management Standard (Standard) requires agencies to dispose of information assets in a timely manner once all business, legal and accountability requirements have been met (Behaviour 2.7).

Your agency’s chief executive or delegate is responsible for ensuring:

• no information asset is destroyed unless in accordance with a current, approved disposal determination (Behaviour 5.5)
• that information is not sold, abandoned or donated to external parties which would result in your agency, or the government, not having access to that information and without authorisation in the form of a disposal determination (Behaviour 5.9).

This includes identifying requirements for retaining information assets not covered by a disposal determination and seeking a disposal determination for these information assets if needed (Behaviour 5.4).

To ensure information assets remain accessible for as long as required and are not destroyed without authorisation, the Information Management Plan needs to be underpinned by a disposal program and approved disposal determinations in accordance with the SR Act and the Disposal Standard.

Disposal

Disposal is not simply destroying information assets, it is a range of processes associated with implementing information assets retention, destruction or transfer decisions of a temporary value information assets [not including the transfer of permanent value information assets to State Records or between agencies] which are documented in disposal determinations (ISO 15489.1 Information and documentation - Records management, Part 1: Concepts and principles (2017)).

A permanent value information asset is an information asset that has archival value and will be retained permanently for research by the general community subject to appropriate access restrictions.

A temporary value information asset is an temporary information asset that does not have archival value and may be physically destroyed when a prescribed retention period has passed.

Information assets must only be disposed of in accordance with the requirements set out in the SR Act and the Disposal Standard .

The Disposal Standard provides a set of mandatory principles and requirements to adhere to when disposing of government information.

Disposal includes:

• destroying information assets
• abandoning information assets
• migrating information assets from one system or platform to another
• transferring ownership or possession of information assets to a private entity (known as Transfer of Ownership and Custody Schedule or TOCS)
• selling information assets.

Under the SR Act, disposal does not include transfer to State Records or to another government agency, although similar practices apply.

Disposal Program

A Disposal Program is a key element of your agency’s overall Information Management Program.  It should include:

• development of an agency specific Records Disposal Schedule (RDS) if your agency does not already have one (Behaviour 5.4)
• understanding of any other disposal schedules that might apply to your agency’s information assets
• a Disposal Plan for a backlog of information to be assessed for retention or disposal
• a schedule for implementing regular (for example annual) retention and disposal actions such as transferring permanent information assets to State Records annually or twice a year, rather than in small ad hoc transfers
• regular review of the currency of the disposal schedules applicable to your agency, including ensuring any current information assets are not subject to a disposal freeze.  This assists in guaranteeing all information assets are covered by a disposal schedule
• procedures for applying one or more disposal schedules (for example sentencing of information assets)
• policy and guidance on the disposal of non-official records, called on Normal Administrative Practice
• processes for applying retention periods, including documentation of decisions and quality checking by skilled and experience personnel (internal or contracted)
• approval and documentation processes for the permanent retention and destruction of information assets
• documentation and transfer of temporary information assets to an appropriate internal storage / Approved Service Provider  (ASP) until they are due for destruction
• documentation and transfer of permanent information assets to State Records when they meet the Transfer Standard (they are over 15 years old, no longer required for current administrative use by your agency and are openly accessible or only restricted for no more than 15 years after transfer, unless otherwise agreed)
• policy and guidance on the disposal (or retrieval if appropriate) of information assets created or maintained as part of a contract with a third party provider .  This includes ensuring the proper documentation is maintained for information assets disposed of by the third party provider on behalf of your agency. For more information refer to the Contracting Standard.

To develop a Disposal Plan your agency will need to know what information assets exist,  including those in business systems , and whether those information assets are or are not covered by a current disposal determination.

Destruction of hardcopy or digital information assets must be done securely.  External specialist services are available for this.  Physical disposal methods include pulping, burning, pulverisation, disintegration or shredding.  Sanitisation is the process of erasing or overwriting information stored on digital media.  Methods include clearing, purging, degaussing and destruction.  The destruction and / or sanitisation methods needs to be chosen according to the format of the information assets and their security classification.

Disposal determinations

There are various disposal determinations (referred to as Disposal Schedules) that can be used to enable compliant retention and destruction of your agency’s information assets (Behaviour 5.5).

These determinations apply to information in any format and are required to be approved by the State Records Council in accordance with section 23 of the SR Act.

Disposal Schedules

Disposal schedules identify the minimum periods information assets must be kept.

General Disposal Schedules (GDS)

These are developed to cover information assets common to all agencies or councils, or to a specific sector.  For example:

• GDS 30 – covers information assets common to all state government agencies.
  GDS 30 cannot automatically be applied to temporary information assets more than 50 years old and previously unsentenced.  For these information assets, a specific operational RDS (see below) will need to be developed in conjunction with State Records

• GDS 40 – covers all information assets common to local government agencies.

A GDS may also be issued to freeze disposal of any information assets relating to a specific subject.  For example:

• GDS 38 – covers Records of Relevance to the Royal Commission into Violence, Abuse, Neglect and Exploitation of People with Disability
• GDS 16 – covers Native Title Claims.

Disposal freezes

These are developed where specified information assets are required to be kept longer than the retention periods approved in their original applicable disposal determination to assist with anticipated legal or statutory requests for access to those information assets, such as for a Royal Commission.

Records Disposal Schedules (RDS)

These are developed to cover information assets unique to your agency's core business and not covered by a GDS (Behaviour 5.4).

A new RDS will need to be developed to retrospectively authorised the disposal of these information assets.

An RDS can also be developed to cover a specific set of agency information assets.  For example:

• to get approval to destroy administrative information assets created after the year 1900 and over 50 years old, which are not covered by a GDS
• damaged information assets that cannot be recovered.

Lost or misplaced information assets on loan from State Records must be formally reported to State Records, as this is a form of unauthorised disposal.

Transfer of Ownership and Custody Schedules (TOCS)

These schedules are developed to cover the transfer and ownership of agency information assets to a non-government agency.  For example, a TOCS will be required whenever an agency function is privatised, such as the sale of a government owned aged care facility to a private entity.

It is not required for a lease or third-party provider contract.

A TOCS applies to specific categories of information assets created and controlled by an agency which are affected by sale or an administrative change and are required by the private entity to carry out the functions and related activities that have been transferred.

The TOCS prescribes, depending on the information assets in question, who is responsible for disposal and relevant retention periods.

Sentencing

Sentencing is the process of applying retention periods to digital or hardcopy information assets from an approved disposal schedule.

It is recommended sentencing occurs when the information asset is created because the retention period is based on the requirements for evidence of the activity or process generating the information asset.  Sentencing can also occur prior to disposal.

Sentencing usually involves:

• determining if the information asset has temporary value or is required to be retained permanently (if required permanently must be transferred to State Records in accordance with the Transfer Standard).
• if temporary, identifying the earliest date when the information asset may be destroyed
• recording the date for destruction or requirement to retain the information asset permanently, and the RDS or GDS reference, on the information asset itself or in a recordkeeping system such as an Electronic Document and Records Management Systems.

All pre 1901 information assets are permanent due to their rarity and must be transferred to State Records.

In addition to ensuring the information assets are sentenced against a current approved disposal schedule(s), they should also be reviewed to ensure they are not:

• required for a longer retention following legislative changes
• subject to a disposal freeze
• required as evidence in legal proceedings
• required for ongoing business use (Behaviour 5.5).

Reviewing applied retention periods must occur when previously sentenced information assets become due for destruction or transfer to State Records; these information assets need to be assessed to ensure the sentence applied is still current (for example, the GDS / RDS version and item number still applies).

Where sentences are no longer current, resentencing should take place.

It may also occur when a new disposal schedule is issued or an existing disposal schedule is reviewed or amended.

When a revised version of a disposal schedule is issued there will often be changes to existing retention periods. Some retention periods may be increased from temporary to permanent, while others may decrease. New classes may be added and / or class descriptions may change resulting in some classes being combined (or rolled up) into one class and other single classes being split into multiple new classes.

Resentencing will confirm the current disposal schedule and item number for the information asset and what retention period applies.

Normal Administrative Practice (NAP)

NAP applies to destruction of non-official information assets.

Under NAP your agency may routinely destroy information of a transitory or ephemeral nature where it is obvious that no information of continuing value to your agency will be lost.

An information asset will be of ‘continuing value’ if it is required for administrative, business, fiscal, legal, evidential or historic purposes.

For the destruction of official information assets refer to disposal determinations and section 23 of the SR Act.

The NAP Test

Before an information asset can be destroyed using NAP, the following test must be applied:

• Does the information asset offer evidence of your agency’s business?  For example is the information asset used to perform staff duties, such as printouts used to verify or monitor data?

If the information asset does not relate to your agency’s work, it can be destroyed under NAP as it is not an official information asset.

• If the information asset does relate to your agency’s work, does it:
  • form part of your agency’s business?
  • add value to an existing information asset?
  • show how a transaction was dealt with?
  • show how a decision was made?
  • show when and where an event happened?
  • indicate who was involved and what advice was given?
  • require someone to action it?
  • relate to a legal document or agreement?

If the answer is yes to any of the above questions, it cannot be destroyed under NAP as it is an official information asset.

If the answer to all of the above questions is no, the information asset can be destroyed under NAP.

Drafts and duplications

In addition to NAP, information assets that are not captured under the SR Act as an official information asset, such as drafts and duplications, can also be destroyed if they will not become an official information asset in the future (refer to section 3 of the SR Act).

Drafts and duplications must not be destroyed if they contain notes of significant decisions, discussions, reasons and actions or contain significant information that is not contained in the final version of the information asset.

Hybrid files

Hybrid files contain both digital and hardcopy information assets dealing with the same activity or function.  Prior to the disposal of an information asset, it must first be established whether it is part of a hybrid file.

To efficiently dispose of hybrid files, both information assets need to be destroyed, preferably at the same time.

When transferring permanent value information assets to State Records, State Records need to be advised if the information assets forms part of a hybrid file.  Your agency must retain the electronic permanent value information asset, adding such metadata as required to reflect the transfer of the hardcopy permanent asset to State Records.

If transferring both the electronic and hardcopy temporary value information assets to an ASP, your agency should ensure that the hybrid nature of the files is reflected in the description.

Sale, abandonment and donation of government information assets

Staff need to understand they are creating government information assets which have value not only to their agency but to the government, community and the State.

This can be achieved by having policies clarify that information assets must not be sold, given away to external parties or taken home by staff without proper authorisation (Behaviour 5.9).

Information assets no longer required must not be misused or accessed inappropriately. Controls should be in place to prevent the abandonment of information assets.  All information assets, including the devices on which are they are held, need to be securely, completely and lawfully destroyed once they are no longer required.  Refer to your agency’s Information and Communication Technology policy for more information.

Your agency is responsible for ensuring the proper destruction of all information assets in its custody and that it occurs in accordance with the SR Act and with any other government policies.

Further, destruction must be documented, particularly if undertaken outside of your agency.

Other influences

Other situations or events might require information assets to be kept longer than the minimum retention periods. For example:

• legal matters – information assets are to be kept longer than the minimum periods where your agency is aware of actual, or likely, legal or statutory requests for access to information, such as: legal discovery for an impending legal matter, a subpoena, a Royal Commission Notice to Produce or as a result of new legislation or regulations
• FOI – where information assets are due for disposal but are subject to a current FOI application
• high risk – information assets should be kept longer where they are identified as being of significant risk (for example, information assets potentially related to native title or COVID response)
• machinery of government changes – information assets might need to be kept longer when functions, activities or processes change, within your agency or across government.

For digital information that must be kept long term or permanently, your agency is responsible for the information assets’ ongoing custody.

Use long term preservation formats, official systems and well managed migration processes to ensure your information assets remain in a readily accessible format (which includes content, structure and context) for the prescribed retention period (Behaviour 5.3)

Accessibility

Information assets must remain accessible and in good condition (if digital, in a readable format) for as long as they are required.  This includes when:

• information assets need to be migrated from a physical to a digital format for preservation or conservation purposes, or
• digital information assets need to be migrated from one system, software or media format to another due to upgrades or the system becoming obsolete (Behaviour 5.3).

For example, if an information asset covered by a GDS has a retention period of 100 years it must:

• remain accessible over the entire 100 year period, and
• be capable of being relied on as trusted and authentic evidence of your agency’s decisions made and actions taken.

This means it must be capable of being retrieved by your agency in a readable format.