Records management policy
Disposal
Appropriate disposal
Where records have come to the end of their retention period and are to be destroyed, they must be destroyed appropriately.
Disposal should be authorised and systematic. This will involve ensuring that your team has a system in place for the regular review of documents which is authorised by a relevant manager or Head of Service. Where personal data or other non-personal but commercially sensitive personal data is destroyed, it will be safely and securely disposed of using confidential waste units.
Furthermore, in some cases, a record of this destruction should be made. To decide whether to record evidence of its destruction, there should be a consideration of:
- whether there is a business need to record the presence of those previous records
- an assessment of the risk should destruction of that particular record be questioned
The record could include the disposal class, a date range and confirmation that this disposal was authorised, evidence/details of how the disposal occurred. The record of destruction should provide enough detail to identify which records have been destroyed but will not ordinarily contain personal data.
These measures are to safeguard against a proposition that records were eliminated to avoid disclosing them[1]. Therefore, when appropriate, destruction should be documented in line with legislation and appropriate authorisation.
Our obligation
As a local authority, we have an obligation to have a robust back-up system to ensure electronic data which we need to retain is not lost. Please see the IT Back-up Policy for more details.
Disposal of records
When disposing of records the following steps must be considered:
Has disposal been authorised? | Ensure that the disposal has been authorised and that it is done in compliance with the Retention Guidelines, and that an exception does not apply (e.g. there is a legal case or complaint pending). |
---|---|
Is retention required to fulfil legislation or regulatory requirements? | Consider primary and secondary legislation and good practice guidance. |
Is there a current, or potential, dispute or legal challenge? | Our decisions regarding retention will ordinarily take account of the Limitation Act. If there is any ongoing legal case or other dispute, or a potential for one, then we should ensure this data is retained. |
Do the records contain any personal data, sensitive personal data or confidential data? | If yes, ensure safe destruction by shredding or in confidential waste bins. Failure to adhere to this will breach data protection legislation. We must ensure that destroyed data is 'virtually impossible to retrieve'. |
Do we need to keep a record of the documentation destroyed? | Consider this in line with Appropriate disposal above. |
[1] Code of Practice on Records Management issued under s46 Freedom of Information Act 2000; The National Archives, Record Management Policy - Guide