In the context of information and records, disposal means the decision-making processes for retaining, transferring or destroying information and records.
Section 4 of the Public Records Act 2005 (PRA) outlines the types of possible disposal actions. These are transfer of control, sale, alteration, destruction, or discharge.
2. Getting and using authorised approval
Public offices and local authorities must get the Chief Archivist’s authorisation to dispose of information and records by these means (sections 20 and 40 of the PRA). By systematically managing information and records through disposal, an organisation meets its statutory obligations and supports its business needs.
Using authorised disposal actions is an important part of managing information and records effectively, and is a legal requirement.
3. Benefits of authorised and regular disposal
The benefits of authorised and regular disposal of information and records may include:
increasing efficiency by making retrieval faster and easier
controlling how information and records are stored, maintained, accessed and managed
controlling the costs of managing information and records
reducing the risk of breaches in both privacy and security
supporting better decision making
helping to identify and protect information and records that are high risk, high value, or both
promoting the use, reuse and sharing of information and records
minimising the risk of illegal or unmanaged access
minimising the risk of illegal or unmanaged destruction
facilitating legislative compliance.
4. Managing risk to better meet government and community expectations
If an organisation effectively manages the current and future risks associated with disposing of information and records, then this helps it to meet government and community expectations. These expectations include:
effective and responsible stewardship of information assets
creation and maintenance of information and records that another authorised person or entity can
use to hold an organisation to account
preservation of information and records with long-term value
5. Three risks when information and records are kept longer than required
An organisation that keeps information and records for longer than required is exposed to three risks: cost, efficiency, and reputation. In particular:
cost – the costs of maintaining, accessing and preserving information and records are significant
efficiency – systems work less efficiently if they contain too much information and too many records, making it harder and more time-consuming to find the information and records needed to carry out business functions
reputation – not disposing of information and records responsibly and on time puts organisations at risk of non-compliance, and increases the risk of inappropriate access or release.
Last modified on 10 June 2019