Compliant destruction of Australian Government information

All business information created, sent and received by the Australian Government is considered Commonwealth records. Such information is a valuable asset requiring proper management, from its creation, titling and classification, access, protection, storage and preservation, to disposal.

Disposal of Australian Government information according to the Archives Act 1983 means:

  • its destruction
  • the transfer of its custody or ownership, or
  • damage or alteration.

Destruction refers to the complete and irreversible process of erasing the information so it cannot be reconstituted or reconstructed. Destruction of Australian Government information can occur if it is:

What should I do before destroying information?

When destroying information in accordance with a current records authority issued by the Archives, you should ensure that the information:

  • has reached its minimum retention period
  • is no longer required for ongoing business or accountability purposes

You should also make sure that:

  • the original sentence is still appropriate; consider potential changes in circumstances (eg a non-controversial issue has become controversial or is of public interest that may result in the information needing to be kept for longer; and
  • the information is not affected by:
    • a records disposal freeze
    • related to a current legal proceeding or inquiry
    • subject to a current application for access under the Freedom of Information Act 1982, the Privacy Act 1988, or the Archives Act 1983.

The information should then be destroyed in a secure manner. Appropriate details of its destruction should be maintained, including what information has been destroyed, when, how and under which records authority.

How do I compliantly destroy a information?

Destruction of information should be:

  • authorised – by the Archives through a current records authority, and with relevant agency approval
  • appropriate – the destruction should be irreversible
  • secure/confidential – information should always be destroyed with the same level of security that was maintained during the current use of information. The Protective Security Policy Framework provides guidance on the destruction of security classified information
  • timely – information should not be kept longer than necessary. If a decision is made to retain information longer than the minimum retention period, the reasons for the decision should be documented to assist destruction at a later date; and
  • documented – the destruction of information must be documented to support accountability and compliance with Part 3–11 of the Archives Regulations 2018.

Methods of destruction

There are a number of suitable methods of destruction for physical and digital information.

Physical information

Methods for destroying physical information such as papers, photographs and films include:

  • shredding – cross shredding may be needed for some sensitive documents
  • pulping – pulped paper is reduced to its constituent fibres. If carried out correctly, it is a very secure method of destruction; and
  • burning – should only be used as a last resort in an appropriate industrial facility if no other method of destruction is available.

You should review the guidelines in the Australian Government Protective Security Policy Framework to determine destruction methods suitable for your agency's physical information.

Digital information

Deletion of digital information does not mean destruction. When digital information is deleted, it is only the pointer (the link) to that information (such as the file name and directory path) that is deleted. The actual data objects are gradually overwritten in time by new data. However, until the data is completely overwritten, there remains a possibility that the information can be retrieved.

The process of erasing or overwriting information stored on digital media is called sanitisation. The extent of sanitisation used generally depends on the classification of the information. You should decide on a method of destruction based on a risk assessment of the sensitivity of information and align the classification with a sanitisation technique.

Methods for destroying digital information include:

  • clearing information from the media (eg overwriting) – the information is hidden under layers of nonsensical data and it cannot be retrieved through disk or file recovery utilities
  • purging – the information is randomised so that it is no longer readable and cannot be recovered in a laboratory attack (a laboratory attack is a means of reconstructing information from digital media using nonstandard systems operating outside the media's usual working environment)
  • degaussing – recorded data is erased through a  process of demagnetising magnetic media; and
  • destruction – this is the most extreme form of sanitisation and ensures that the media is drastically altered and can never be reused. There are various methods of destruction including shredding, disintegration, incineration, pulverisation and melting.

To ensure the complete destruction of digital information, all copies should be found and destroyed. This includes removing and destroying copies contained in system backups, cloud and offsite storage. Where information is stored in the cloud, your agency should ensure that the contract stipulates, under retention and disposal requirements, that all copies should be destroyed.

How do I make sure information is securely destroyed?

Australian Government information must be securely destroyed. You should never leave information at the local tip, as it may be retrieved without your knowledge. It is illegal to sell information, even if it would otherwise have been destroyed.

Destruction should be carefully planned and consider:

  • the availability of locked bins
  • the location and method of destruction
  • transportation to the destruction site (close trucks/vans should be used)
  • availability of same day destruction
  • appropriate supervision of the destruction process.

Using a disposal service provider

Contractors can be engaged to destroy information. It is the responsibility of your agency to ensure that your requirements for destruction are included in the contract (eg information remains Commonwealth property until it has been destroyed, and destruction occurs in accordance with the approved methods of destruction).

The contractor should supply you with a certificate of destruction that guarantees that work has been completed. You may also want to request that the certificate of destruction includes the method of destruction used by the contractor.

Recording disposal decisions and destruction of information

Under Regulation 9c of the Archives Regulations 2018, the Archives may request an agency to provide information relating to the disposal or destruction of Commonwealth records in the agency’s custody.

The Regulations no longer require agencies to notify the Archives, via a 'Notification of records destroyed'(ie NAS 45), about the destruction of information. However, to support accountable disposal action and comply with Regulation 11 of the Regulations, agencies must record information relating to the destruction or other disposal of Commonwealth records.

Disposal decisions and destruction of information should be recorded in agency control records, in the corporate records management system or other endorsed business system. Master control records, which include metadata about any information that has been destroyed, are retained as 'national archives'.

Relevant contextual information about the disposal decision and destruction of information should be recorded and may include the following:

  • a description of the records (eg unique identifiers and titles)
  • applicable records authority and class numbers used to authorise disposal
  • date range of the records
  • quantity of records (gigabytes for digital or shelf metres for paper)
  • date of the disposal action (eg date of destruction or transfer)
  • method of destruction; and
  • authorised action officer details.

The level of detail in the record of destruction will depend on the value of information and associated risks. Your agency may decide to document the destruction of low value, low risk information at aggregate level (eg at box or series level), and individually (eg at file or folder level), at a greater level of detail, for high value, high risk information.

Unauthorised destruction of information

If you suspect Australian Government information has been destroyed or disposed of without appropriate authorisation, contact the Agency Service Centre.

For more information see What to do in cases of unauthorised destruction of information.

Copyright National Archives of Australia 2018