When the National Archives issues a records authority enabling you to destroy information, ensure the information:

• has reached its minimum retention period
• is no longer required for continuing business or accountability purposes.

Checking the sentence stands

Make sure that the original sentence is still current.

Consider potential changes in circumstances. For example, if a non-controversial document becomes controversial or is of public interest, you may need to keep the information longer.

Review the information to make sure it is not affected by a:

• records disposal freeze
• current legal proceeding or inquiry it relates to

Also check it is not affected by a current application for access under the:

• Freedom of Information Act 1982
• Privacy Act 1988
• Archives Act 1983.

Once you are sure you can destroy the information, do so in a secure way. See below.

Maintain appropriate details of its destruction, including:

• what information has been destroyed
• when
• how
• under which records authority.

Before you destroy information, check it is:

• Authorised – the National Archives has authorised its destruction through a current records authority showing relevant agency approval.
• Appropriate – the destruction method can't be undone.
• Secure and confidential – the information is destroyed with the same level of security that was applied during its use.
• Timely – the information should not be kept longer than needed. If it is decided to retain information longer than the minimum retention period, document the reasons for the decision to help destruction at a later date.
• Documented – the destruction of information is documented to support accountability and compliance with Part 3–11 of the Archives Regulations 2018.

Review the guidelines in the Australian Government Protective Security Policy Framework to choose destruction methods suitable for your agency's information.

Australian Government information must be securely destroyed. Never leave information at the local tip, as it may be retrieved without your knowledge.

It is illegal to sell information, even if it would otherwise have been destroyed.

Destruction should be carefully planned. Consider:

• the availability of locked bins
• the location and method of destruction
• transportation to the destruction site via closed trucks or vans
• the availability of same day destruction
• appropriate supervision of the destruction process.

There are a number of suitable destruction methods for physical and digital information.

Physical information

Methods for destroying physical information such as papers, photographs and films include:

• shredding – cross shredding may be needed for some sensitive documents
• pulping – pulped paper is reduced to fibres
• burning – only use it as a last resort in an appropriate industrial facility if no other destruction method is available.

Digital information

Digital information deletion does not mean destruction.

When digital information is deleted, it is only the pointer (the link) to that information (such as the file name and directory path) that is deleted.

The actual data objects are gradually overwritten in time by new data. Until the data is completely overwritten, there remains a possibility that the information can be retrieved.

Sanitisation

The process of erasing or overwriting information stored on digital media is called sanitisation. The extent of sanitisation used depends on the information's classification.

Choose a destruction method based on a risk assessment of the information's sensitivity and align the classification with a sanitisation method.

Sanitisation methods for destroying digital information include:

• Clearing – the information is cleared from the media or overwritten and is hidden under layers of nonsensical data so it cannot be retrieved through disk or file recovery utilities.
• Purging – the information is randomised so that it is no longer readable and cannot be reconstructed from digital media using nonstandard systems operating outside the media's usual working environment (known as a laboratory attack). 
• Degaussing – recorded data is erased through demagnetising magnetic media.
• Destruction – the most extreme form of sanitisation ensures the media is drastically altered and can never be reused by physically destroying carriers of digital information such as hard drives and discs.

The various destruction methods include:

• shredding
• disintegration
• incineration
• pulverisation
• melting.

To ensure the digital information's complete destruction, find and destroy all copies. Remove and destroy copies contained in:

• system backups
• the cloud
• offsite storage.

Where information is stored in the cloud, your agency should ensure that the contract stipulates, under retention and disposal requirements, that all copies should be destroyed.

You can engage contractors to destroy information. It is your agency's responsibility to ensure your destruction requirements are included in the contract. For example:

• information remains Commonwealth property until it has been destroyed
• destruction occurs in accordance with the approved destruction methods.

To ensure destruction is carried out appropriately:

• ask the contractor to supply you with a destruction certificate to guarantee the work has been completed
• request that the destruction certificate includes the destruction method the contractor used.

Under Regulation 9c of the Archives Regulations 2018, the National Archives may ask an agency to provide information relating to the disposal or destruction of Commonwealth records in the agency’s custody.

The Regulations no longer require agencies to notify the National Archives about information destruction via a 'Notification of records destroyed' (NAS 45).

However, to support accountable disposal and comply with Regulation 11 of the Regulations, agencies must record information relating to the destruction or other disposal of Commonwealth records.

Where to record the information

Record disposal decisions and destruction of information in either:

• your corporate records management system
• another endorsed business system.

What to record

Master control records, which include metadata about any information that has been destroyed, are retained as national archives.

Record relevant contextual information about the disposal decision and information destruction. Include the following:

• a description of the records – for example, unique identifiers and titles
• applicable records authority and class numbers used to authorise disposal
• records date range
• records quantity – gigabytes for digital or shelf metres for paper
• date of the disposal action – for example, date of destruction or transfer
• destruction method
• authorised action officer details.

Choosing the level of detail to record

The level of detail in the destruction record will depend on the information's value and associated risks.

Your agency may decide to document the destruction of low value, low risk information:

• at an aggregate level – for example, at box or series level
• individually – for example, at file or folder level

They may choose to document data at a greater level of detail for high value, high risk information.

Our sentencing worksheet can help you record your agency's destruction decisions.

• Download the sentencing worksheet (Excel, 657.4 kB).
• Download the instructions for using the sentencing worksheet (PDF, 1.7 MB).

If you suspect Australian Government information has been destroyed or disposed of without appropriate authorisation, contact the Agency Service Centre.

What to do in cases of unauthorised destruction of information

All business information and data created or received by an Australian Government agency is a Commonwealth record.

The Archives Act 1983 prohibits the destruction of Commonwealth records unless specifically:

• required by any law
• done with permission from, or in accordance with a practice or procedure approved by, the Archives
• in accordance with a normal administrative practice (NAP) that the Archives does not disapprove of.

If you discover business information has been destroyed or disposed of without appropriate authorisation, contact the Archives' Agency Service Centre. We will need details such as:

• the nature of the information and records
• their titles, format and volume
• how old the information and records were
• if they had been sentenced
• if they were permanent or temporary
• when they were due for destruction
• the circumstances of the destruction
• the governance framework, including policies, guidelines and procedures, used for accountable destruction of agency information and records.