1. Introduction

In the context of information and records, disposal means the decision-making processes for retaining, transferring or destroying information and records.

Section 4 of the Public Records Act 2005 (PRA) outlines the types of possible disposal actions. These are transfer of control, sale, alteration, destruction, or discharge.

2. Getting and using authorised approval

Public offices and local authorities must get the Chief Archivist’s authorisation to dispose of information and records by these means (sections 20 and 40 of the PRA). By systematically managing information and records through disposal, an organisation meets its statutory obligations and supports its business needs.

Using authorised disposal actions is an important part of managing information and records effectively, and is a legal requirement.

3. Benefits of authorised and regular disposal

The benefits of authorised and regular disposal of information and records may include:

  • increasing efficiency by making retrieval faster and easier

  • controlling how information and records are stored, maintained, accessed and managed

  • controlling the costs of managing information and records

  • reducing the risk of breaches in both privacy and security

  • supporting better decision making

  • helping to identify and protect information and records that are high risk, high value, or both

  • promoting the use, reuse and sharing of information and records

  • minimising the risk of illegal or unmanaged access

  • minimising the risk of illegal or unmanaged destruction

  • facilitating legislative compliance.

4. Managing risk to better meet government and community expectations

If an organisation effectively manages the current and future risks associated with disposing of information and records, then this helps it to meet government and community expectations. These expectations include:

  • effective and responsible stewardship of information assets

  • creation and maintenance of information and records that another authorised person or entity can

  • use to hold an organisation to account

  • preservation of information and records with long-term value

5. Three risks when information and records are kept longer than required

An organisation that keeps information and records for longer than required is exposed to three risks: cost, efficiency, and reputation. In particular:

  • cost – the costs of maintaining, accessing and preserving information and records are significant

  • efficiency – systems work less efficiently if they contain too much information and too many records, making it harder and more time-consuming to find the information and records needed to carry out business functions

  • reputation – not disposing of information and records responsibly and on time puts organisations at risk of non-compliance, and increases the risk of inappropriate access or release.