Engage experts early on
Your business needs and statutory rules will determine how you dispose of your records and information. In most cases, you need an authority to dispose of your records, including data.
Think about disposing of your records as part of the design process. This will make it easier and less resource-intensive when the time comes to dispose of them.
Consult your data, legal, privacy and records and information experts to help you determine:
- who is responsible for destroying records
- how to destroy records in the right way (if it’s your responsibility)
- what documentation/metadata you need to identify which records have been destroyed, when they were destroyed, how, and under what authority
- the minimum period that you need to keep records to meet regulatory, business and community requirements before you can dispose of them.
- the maximum period that you should keep personal information
- the relevant disposal and retention authority that applies to your records.
Consider your business needs
Decide whether your business or legal needs mean you need to keep certain types of information for longer periods beyond your short-term delivery.
For example, you may need to keep statistical research for:
- future business planning
- systems documentation about the service build
- where other business units need it to carry out their functions.
Know the relevant retention and disposal rules
NSW State Archives & Records issues retention and disposal authorities (under the State Records Act 1998). It lists records that are authorised for disposal/deletion and which records are to be kept as State archives.
Talk to your records and information experts to know whether a specific retention and disposal authority applies to your records in your product or service.
Disposing of personal or health information
Talk to your privacy experts about the minimum period you must keep certain types of data for privacy and other reasons before disposing of it. If your records contain personal or health information you’ll need to comply with privacy legislation and principles, the State Records Act 1998 and any other regulations that may apply.