Principle 1: Creating and keeping full and accurate records relevant to child safety and wellbeing, including child sexual abuse, is in the best interests of children and should be an integral part of institutional leadership, governance and culture.

Institutions that care for or provide services to children must keep the best interests of the child uppermost in all aspects of their conduct, including recordkeeping. It is in the best interest of children that institutions foster a culture in which the creation and management of accurate records are integral parts of the institution's operations and governance.

Principle 1: Business information is systematically governed

Proactively plan and implement information governance to manage business information as an asset to support immediate and future business outcomes, needs and obligations.

Actions 1.1 to 1.4 recommend:

• including information governance within corporate governance structures and frameworks
• developing frameworks, strategies and polices outlining how business information will be managed to satisfy stakeholder needs and legislative and regulatory obligations
• ensuring valuable information assets are known and controlled by registering them and assigning a responsible business owner or custodian to oversee their management
• senior management provide leadership by actively supporting information management.

Action 1.8 recommends fostering a culture that values and manages information as an asset and an enabler for business use and community reuse.

Actions 1.9 and 1.10 recommend:

• producing and disseminating policies and procedures providing guidance and direction to staff on creating  and managing business information
• assigning and explaining information management responsibilities at all levels from agency head to general staff, including outsourced providers, contractors and volunteers
• training and educating staff on an ongoing basis to assist them to meet their responsibilities.

Principle 2: Necessary business information is created.

Create business information that is fit for purpose to effectively support business needs.

Action 2.1 advises that business needs include having evidence of the efficient and accountable operation of business as well as supporting individual and collective rights and entitlements.

Principle 2: Full and accurate records should be created about all incidents, responses
and decisions affecting child safety and wellbeing, including child sexual abuse.

Institutions should ensure that records are created to document any identified incidents of grooming, inappropriate behaviour (including breaches of institutional codes of conduct) or child sexual abuse and all responses to such incidents.

Records created by institutions should be clear, objective and thorough. They should be created at, or as close as possible to, the time the incidents occurred, and clearly show the author (whether individual or institutional) and the date created.

Principle 2: Necessary business information is created.

Create business information that is fit for purpose to effectively support business needs.

Action 2.1 recommends identifying where there is a business need to create a record. Business needs include: having evidence of the efficient and accountable operation of business; allowing proper scrutiny; managing business risks; supporting the business if there is legal action or dispute; supporting individual rights and collective rights and entitlements; satisfying the requirements of stakeholders; and meeting legislative and regulatory obligations.

Action 2.2 recommends documenting information to meet business needs including: communications made or received; actions undertaken or observed; research and investigation; and deliberations and decisions. 

This should be recorded at the time of the activity or shortly afterwards.

Actions 2.3 and 2.4 recommend creating accurate business information that contains sufficient detail to meet business needs and be understood by others in the future; and ensuring staff know when and how to create fit-for-purpose business information.

Principle 3: Business information is adequately described.

Describe business information so that it can be found, understood and accessed appropriately when needed.

Action 3.1 recommends linking business information to identifying information such as a unique identifier or title.

It also recommends describing the context of the information such as who created it, when, and for what purpose.

Principle 3: Records relevant to child safety and wellbeing, including child sexual abuse,
should be maintained appropriately.

Records relevant to child safety and wellbeing, including child sexual abuse, should be maintained in an indexed, logical and secure manner. Associated records should be collocated or cross-referenced to ensure that people using those records are aware of all relevant information.

Principle 3: Business information is adequately described.

Describe business information so that it can be found, understood and accessed appropriately when needed.

Action 3.1 recommends describing business information so that all needed information can be dependably found, understood and used. This includes linking business information to related information which would include control records and other relevant records. It also includes keeping description on who has accessed or viewed business information and if it has been changed and by whom.

Action 3.3 recommends designing tools and systems that enable staff to enter descriptive information in a consistent manner and where required, to standardise description to support sharing and interchange of quality data between internal and external systems.

Agencies should also follow the advice in Principle 4: Business information is suitably stored and preserved. Recommended actions include: storing business information in an environment that prevents unauthorised access, alteration, removal or destruction; and implementing preservation strategies to ensure it remains useable.

Principle 7: Business information is saved in systems where it can be appropriately managed has recommended actions on how to manage business information in systems to protect its integrity and support trusted and reliable use.

Principle 4: Records relevant to child safety and wellbeing, including child sexual abuse,
should only be disposed of in accordance with law or policy.

Records relevant to child safety and wellbeing, including child sexual abuse, must only be destroyed in accordance with records disposal schedules or published institutional policies.

Records relevant to child sexual abuse should be subject to minimum retention periods that allow for delayed disclosure of abuse by victims, and take account of limitation periods for civil actions for child sexual abuse.

Principle 5: How long business information should be kept is known.

Analyse and document how long to keep business information to meet identified business and community needs.

Action 5.1 recommends documenting how long business information needs to be kept to meet operational and stakeholder needs including rights and entitlements, as well as legislative obligations.  Agencies must not destroy valuable business information without the permission of the National Archives. This permission is provided in the form of records authorities.

In 2018 the Archives issued General Records Authority 41 Child Sexual Abuse Incidents and Allegations.

Action 5.2 recommends that staff and others including contractors and outsourced providers know the retention period of business information.

Principle 6: Business information is accountably destroyed or transferred.

Keep business information for as long as required after which time it should be accountably destroyed or transferred.

Actions 6.1 and 6.2 recommend assessing business information against current records authorities and confirming that there is no need to keep it beyond the authorised retention period. Any destruction should be documented with the action, authority and approval for destruction.

Reasons why information may need to be kept for longer include: anticipated requests for access; likely legal action; or a freeze issued by the Archives for business information on that issue or topic. There is currently a disposal freeze on records related to institutional responses to child sexual abuse.

Principle 5: Individuals' existing rights to access, amend or annotate records about themselves should be recognised to the fullest extent.

Individuals whose childhoods are documented in institutional records should have a right to access records made about them. Full access should be given unless contrary to law. Specific, not generic, explanations should be provided in any case where a record, or part of a record, is withheld or redacted.

Individuals should be made aware of, and assisted to assert, their existing rights to request that records containing their personal information be amended or annotated, and to seek review or appeal of decisions refusing access, amendment or annotation.

Principle 8: Business information is available for use and reuse

Create and manage business information so that it can be effectively accessed over time by staff and other users with a right of access.

Action 8.1 recommends making business information readily available unless there is a reason to restrict or partially restrict access, such as security or privacy considerations.

Action 8.3 recommends facilitating the use of business information based on the understood needs of known and potential user groups.

Action 8.6 recommends releasing and publishing business information for public discovery and reuse according to Australian law and policy including to comply with the public's right of access.

To some degree Principle 2 : Necessary business information is created  is also relevant as it recommends creating business information that is fit for purpose to support business needs,  which include supporting individual and collective rights and entitlements and satisfying the requirements of stakeholders.