Guiding principles for the appropriate management of disposal under the Public Records Act 2005
1 Our role
Archives New Zealand has a legislative responsibility to the government and citizens of New Zealand to provide an integrated framework for the systematic creation, management, disposal and preservation of public sector information and records, including data.
The Public Records Act 2005 (the Act) provides regulatory tools to assist and support public sector organisations to achieve voluntary, full and sustained compliance. Through Archives New Zealand’s use of these tools and our regulatory activities, we enable government to be held accountable and enhance public trust in the integrity and reliability of central and local government information. Good information management practices are a cornerstone to building this trust.
The purpose of this document is to outline a set of guiding principles that public sector organisations can utilise for the disposal of information and records.
Under section 18 of the Act:
(1) No person may dispose of, or authorise the disposal of, public records or protected records except with the authority of the Chief Archivist, given in accordance with the provisions of this Act.
(2) Subsection (1) does not apply if the disposal of a public record or a protected record is required by or under another Act.
This statement is written for:
(a) Archives New Zealand staff tasked with ensuring that disposal is managed appropriately;
(b) organisations so they can meet their statutory obligations and support their business needs; and
(c) external stakeholders who may wish to know more about the disposal of information and records.
2 Our approach
In the context of information and records, disposal means a range of processes or actions associated with implementing appraisal decisions which are documented in disposal authorities or other instruments. These include retaining, transferring or destroying information and records. Transfer may also include the transfer of ownership or the transfer of custody of information and records.
Systematically managing information and records through lawful disposal is an important part of managing information and records effectively.
3 Guiding principles
To ensure that public sector organisations dispose of their information and records in a managed and appropriate way, it is important to establish some guiding rules or principles.
Disposal of all information and records must be authorised by the Chief Archivist. Authorisation is provided by Disposal Authorities and/or General Disposal Authorities. The chief executive or equivalent of an organisation is responsible for ensuring that any disposal implementation is conducted in a lawful manner and in accordance with business and/or legal requirements.
Documenting when and why any disposal has occurred also demonstrates compliance with disposal authorisation and transparency in information and records disposal undertaken by organisations.
All information and records must be covered by a current and authorised Disposal Authority, regardless of the format or systems in which they are maintained. This includes information and records relating to:
current functions undertaken by an organisation, including functions of any predecessors;
functions and activities previously undertaken by an organisation or its predecessors where such information and records still exist; and
outsourced functions and activities.
Disposal Authorities should be reviewed whenever legislative or government policy change may affect the regulatory environment, and where there are changes of structure or function.
Disposal of information and records must be planned, regular and integrated into an organisation’s business processes and programs. This not only enables an organisation to meet its statutory obligations, it also supports the effective and efficient use of resources such as storage capacities, equipment and staff.
Organisations should formally document how and when they will dispose of information and records in a plan which should, at a minimum, cover:
endorsement of the disposal implementation including internal endorsement;
disposal methods for physical and digital information and records; and
Information and records must be disposed of in a timely manner. While information and records should not be destroyed while there is still a need for them, it is also important not to keep these longer than is necessary.
An organisation that keeps information and records for longer than required is exposed to the risks of cost, efficiency, and reputation:
Cost – the costs of maintaining, accessing and preserving information and records are significant
Efficiency – systems work less efficiently if they contain too much information and records, making it harder and more time-consuming to find those needed to carry out business functions and to enable accountability
Reputation – not disposing of information and records responsibly and on time puts organisations at risk of non-compliance and increases the risk of inappropriate access or release.
Disposal of information and records must be undertaken using secure methods so that the content is protected and is not inadvertently released or lost. The authorised destruction of information and records including all copies and versions must be irreversible and complete.
Organisations must also ensure that the authorised transfer of information and records to Archives New Zealand, an approved repository or another organisation is undertaken using secure methods to ensure that the information and records are not damaged, lost or stolen, or accessed unlawfully.
4 Benefits of disposal
The benefits of authorised and regular disposal of information and records include:
increasing efficiency by making retrieval faster and easier
controlling how information and records are stored, maintained, accessed and managed
controlling the costs of managing information and records
reducing the risk of breaches in both privacy and security
supporting better decision making and accountability
helping to identify and protect information and records that are high risk, high value, or both
promoting the use, reuse and sharing of information and records
minimising the risk of illegal or unmanaged access
minimising the risk of illegal or unmanaged destruction
facilitating legislative compliance.
If an organisation effectively manages the current and future risks associated with disposing of information and records, this helps it to meet government and community expectations. These expectations include:
effective and responsible stewardship of information assets
creation and maintenance of information and records that can be used to hold an organisation to account
preservation of information and records that have long-term value.
Regulatory Statement (16/S1).
Protected record means a local authority record declared under section 40 to be a protected record for the purposes of this Act, section 4.
Last updated on 23 April 2021