All business information created, sent and received by the Australian Government is considered Commonwealth records. Such information is a valuable asset requiring proper management, from its creation, titling and classification, access, protection, storage and preservation, to disposal.
Disposal of Australian Government information according to the Archives Act 1983 means:
Destruction refers to the complete and irreversible process of erasing the information so it cannot be reconstituted or reconstructed. Destruction of Australian Government information can occur if it is:
When destroying information in accordance with a current records authority issued by the Archives, you should ensure that the information:
You should also make sure that:
The information should then be destroyed in a secure manner. Appropriate details of its destruction should be maintained, including what information has been destroyed, when, how and under which records authority.
Destruction of information should be:
There are a number of suitable methods of destruction for physical and digital information.
Methods for destroying physical information such as papers, photographs and films include:
You should review the guidelines in the Australian Government Protective Security Policy Framework to determine destruction methods suitable for your agency's physical information.
Deletion of digital information does not mean destruction. When digital information is deleted, it is only the pointer (the link) to that information (such as the file name and directory path) that is deleted. The actual data objects are gradually overwritten in time by new data. However, until the data is completely overwritten, there remains a possibility that the information can be retrieved.
The process of erasing or overwriting information stored on digital media is called sanitisation. The extent of sanitisation used generally depends on the classification of the information. You should decide on a method of destruction based on a risk assessment of the sensitivity of information and align the classification with a sanitisation technique.
Methods for destroying digital information include:
To ensure the complete destruction of digital information, all copies should be found and destroyed. This includes removing and destroying copies contained in system backups, cloud and offsite storage. Where information is stored in the cloud, your agency should ensure that the contract stipulates, under retention and disposal requirements, that all copies should be destroyed.
Australian Government information must be securely destroyed. You should never leave information at the local tip, as it may be retrieved without your knowledge. It is illegal to sell information, even if it would otherwise have been destroyed.
Destruction should be carefully planned and consider:
Contractors can be engaged to destroy information. It is the responsibility of your agency to ensure that your requirements for destruction are included in the contract (eg information remains Commonwealth property until it has been destroyed, and destruction occurs in accordance with the approved methods of destruction).
The contractor should supply you with a certificate of destruction that guarantees that work has been completed. You may also want to request that the certificate of destruction includes the method of destruction used by the contractor.
Under Regulation 9c of the Archives Regulations 2018, the Archives may request an agency to provide information relating to the disposal or destruction of Commonwealth records in the agency’s custody.
Disposal decisions and destruction of information should be recorded in agency control records, in the corporate records management system or other endorsed business system. Master control records, which include metadata about any information that has been destroyed, are retained as 'national archives'.
Relevant contextual information about the disposal decision and destruction of information should be recorded and may include the following:
The level of detail in the record of destruction will depend on the value of information and associated risks. Your agency may decide to document the destruction of low value, low risk information at aggregate level (eg at box or series level), and individually (eg at file or folder level), at a greater level of detail, for high value, high risk information.
If you suspect Australian Government information has been destroyed or disposed of without appropriate authorisation, contact the Agency Service Centre.
For more information see What to do in cases of unauthorised destruction of information.