The new year is fast approaching and it seems timely to remind you of legislation that goes along with a ‘cleaning out’ of the archives. Before you press delete or shred that document, be sure to exercise diligence in complying with document and record retention requirements. Non-compliance can result in economic loss or even strict criminal liability for individuals and organisations.

Background

There are various legislative regimes in Australia which prescribe specific timeframes for document and record retention and destruction. Non-compliance with such requirements can result in economic loss, such as losing coverage of insurance,  or even strict criminal liability for individuals and organisations – the most common example being for a company, its directors and officers.

Currently, there are around 80 Acts at both the State and Federal level which regulate document and record retention and destruction. The various regimes are not codified in any way, some are industry specific and some are catch-all legislation. Where there is an applicable regime, care should be taken to ensure that requirements in relation to the form, manner, location and length of time that documents must be kept are complied with.

Where there is no clear legislative guidance as to the applicable retention period, the documents must be kept for a reasonable time, which is usually seven years.

Storing documents and records electronically

Special regard should be given to documents and records stored in electronic form. Publications such as AS 4390 Australian Standards  for  Records Management and Australian Standard (AS ISO15489) provide useful guidance for keeping electronic records. There are also individual regimes governing electronic transactions. The applicable Commonwealth and State Evidence Acts and Electronic Transactions Acts set out the various requirements.

Destruction of documents

In addition to the retention period set out in the various regimes, there are additional common law and legislative duties in relation to document destruction. For example s254 of the Crimes Act 1958 (Vic) creates an offence of the destruction of evidence which ‘is, or is reasonably likely to be, required in evidence in a legal proceeding’.

On the other hand, the Privacy Act 1988 (Cth) requires that records containing personal information must be destroyed or permanently de-identified when no longer needed for any purpose for which the information may be used or disclosed under the Privacy Act. This means a balance must be struck between retaining documents in accordance with applicable retention periods and destroying them when they are no longer required for any legitimate business purpose.

Document retention policies should also explain how documents are to be destroyed, to ensure this is done in a safe and secure manner.

Table of common legislative regimes

The attached table outlines some of the more commonly applicable legislative regimes governing document and record retention and destruction, individual research into the regimes should be conducted as retention requirements may change.

This table has a private sector focus and therefore does not address special record retention issues particular to the public sector, such as the Public Records Act 1973 (Vic). It is intended only as a high level aid to identifying relevant regimes and does not constitute legal advice.

Next steps

We recommend organisations be diligent in identifying and recording the document retention and destruction obligations which apply to them.