How to destroy records
The destruction and transfer of public records must have authorisation from the State Archivist. You can usually get this authorisation through a retention and disposal schedule. Sometimes authorisation may be provided through another legal authority.
You also cannot sell, donate, abandon, damage, or amend a record without authorisation.
Find out how to manage the destruction of records.
Records destruction should be included in your policies and procedures as part of your agency's overall recordkeeping system. This will help you:
- reduce storage costs
- avoid problems of managing and storing vast quantities of records
- use your resources efficiently
- identify what digital records need to be migrated to new systems or new storage media
- find records by reducing their volume
- find records that have permanent value to the State and can be transferred to Queensland State Archives
- promote confidence in efficient public administration and prevent corruption
- ensure records are destroyed in a routine, transparent and timely way.
Before you destroy records, you must:
- have authorisation to dispose of records from the State Archivist
- seek endorsement from your agency's CEO or authorised delegate
- check that records are no longer needed for ongoing business (talk to the relevant business area)
- check that the records are not required for any Right to Information (RTI) requests
- ensure records are not required as evidence for any current or pending legal action (the destruction of evidence is an offence under the Criminal Code Act 1899)
- check that no disposal freezes have been issued for the records
- consider any other potential reason to retain records–you may need to do a risk assessment if they relate to a high-profile issue (e.g. asbestos).
You must have authorisation before records can be disposed of. This authorisation allows you to either destroy records after a set period of time or transfer archival value records to QSA.
The disposal of records without authorisation from the State Archivist is an offence under the Public Records Act 2002.
How disposal authorisation is given
Retention and disposal schedules
Authorisation is usually given through a current retention and disposal schedule approved by the State Archivist.
Using a current schedule means you do not need further authorisation from QSA before destroying records.
Note: Records created before 1950 and records older than 25 years do not need to be referred to Queensland State Archives prior to destruction as long as the disposal authorisation is current. Records can be referred to QSA if you feel they are of significant or permanent value and are not listed as such in a current schedule.
Disposal authorisation number
Before 1 September 2016, disposal authorisation was issued to an entire retention and disposal schedule using a Queensland disposal authority number (QDAN). Lawful disposal was demonstrated by referencing the QDAN, version number and record class reference number.
From 1 September 2016, disposal authorisation is assigned to a class of records, which is allocated a specific disposal authorisation number. You can use this number to demonstrate that disposal has been authorised.
A retention and disposal schedule will still be issued, but schedules will no longer be published with a QDAN.
The web version of a retention and disposal schedule will always have the latest changes and include the date last updated.
QSA publishes a change history table and emails a quarterly change report to agency contacts.
Other means of disposal authorisation
Other types of authorisation, such as a judge's direction, may override the need for authorisation from the State Archivist. Check with your legal team or QSA before disposing of any records where authorisation has not been given by the State Archivist.
You must have endorsement from your CEO or their authorised delegate before you can destroy records.
The endorsement will need to include details about the records being destroyed such as description, disposal authorisation, and date due for destruction.
Your agency's CEO can choose to delegate the endorsement for records disposal. Find out about valid delegations of records disposal authority.
Your CEO or authorised delegate can set up a standing endorsement for a specific set or group of records (e.g. 2008–09 timesheets) and for a certain amount of time (e.g. disposal carried out in 2015–16). This allows you to destroy those records efficiently without seeking endorsement each time.
When setting up a standing endorsement you need to work out:
- what records to include and why
- if there are any risks associated with ongoing endorsement (if a risk assessment shows there are major risks, a standing endorsement is not appropriate)
- what period of time the endorsement will last–yearly or six monthly endorsements may be appropriate
- ways to monitor changes to retention periods (e.g. changes to record classes in the GRDS) so endorsements are cancelled and new ones issued
- how to complete your usual checks before destroying the records (e.g. making sure the records aren't needed for business or legal reasons, and that a disposal freeze has not been issued)
- how to document the destruction of records.
The destruction of records must be done securely.
The most appropriate method will depend on the format and security classification of your records, the methods available, and whether you need a commercial destruction service.
The destruction of records should take place as soon as possible after the endorsement has been given.
Paper and physical records can be destroyed in 3 ways.
Choose a method suitable for the document's sensitivity (e.g. use cross shredding in a 2 axis shredder for sensitive documents).
Check what happens to the shredded paper once the destruction has taken place. There is a risk of destroyed records being recreated, especially if material is recycled.
A secure method of destruction if carried out appropriately.
Records can be burnt in an industrial incinerator subject to local environmental conditions (may be appropriate in regional areas if other methods of destruction are unavailable).
Burying records is not an option because of the risk of them being rediscovered or recreated.
Digital records and storage media
Pressing 'delete' or reformatting a disk simply removes the link to records; it may not remove data. Digital records need to be sanitised to ensure no information can be recovered. This also applies to any devices with storage (computers, mobile phones) before they are sold or otherwise disposed of.
There are 4 main methods of destroying digital records.
Commercial and open source software is available for the secure overwriting of data.
Use the 'secure erase' feature built into some devices to completely purge information from the device.
Commercial degaussing units can be purchased—degaussing should only be conducted by trained and authorised personnel.
This usually involves physical disintegration or pulverisation, chemical destruction and incineration.
This method may need to be carried out by a commercial destruction service that is capable of securely destroying the media and disposing of the waste.
The physical destruction of digital media should only be conducted by trained and authorised personnel.
Choose the best method
The method of sanitisation necessary to appropriately destroy digital public records will depend on the data's sensitivity and the type of storage media.
|Media/device||Non-sensitive||Moderately sensitive||Highly sensitive|
Hard disk drive
Solid state media (solid state drives, memory sticks, memory cards, flash drives, etc.)
Random Access Memory (RAM)
|Hybrid device||As above for each component after dismantling||As above for each component after dismantling||As above for each component after dismantling|
|Faulty, unreadable or unusable media or devices, or where sanitisation fails||Physical destruction||Physical destruction||Physical destruction|
|Read Only Memory (ROM)||Physical destruction||Physical destruction||Physical destruction|
|Programmable Read Only Memory (PROM)||Physical destruction||Physical destruction||Physical destruction|
|Erasable Programmable Read Only Memory (EPROM)||Manufacturer specification for ultraviolet erasure time is multiplied by 3 to ensure data is irretrievable||Manufacturer specification for ultraviolet erasure time is multiplied by 3 to ensure data is irretrievable||Manufacturer specification for ultraviolet erasure time is multiplied by 3 to ensure data is irretrievable|
|Electrically Erasable Programmable Read Only Memory (EEPROM)||A single overwrite with random data||A single overwrite with random data||A single overwrite with random data|
Using a commercial destruction service
When using a commercial destruction service, your agency remains responsible for ensuring the records are securely stored, transported and destroyed.
Your service contract should require that records are securely transported and destroyed as soon as possible after their arrival at the destruction site.
You must document the destruction of records.
You must keep this information as proof that they were lawfully destroyed. It may be required in response to RTI requests, court proceedings or an audit. It does not need to be referred to QSA.
If you are using a commercial destruction service you will need to obtain evidence of secure destruction from the service provider.
As a minimum, the documentation should include:
- evidence of current disposal authorisation
|Schedules not covered under new disposal authorisation||Schedules covered under new disposal authorisation|
|QDAN + QDAN version number + record class reference number|
Example: QDAN249v7 ref 2.3.1
Disposal authorisation number
- a description of the records and date range–this may be a listing of all records or files being destroyed or a summary of a group of records
- evidence that the disposal was properly approved, for example an email from the CEO (or authorised delegate)
- evidence of how records were destroyed, for example a certificate specifying the method, place and date of destruction and details of the staff or contractor who carried out the destruction.
How you document disposal, including how you describe records, is up to your agency. Consider:
- what metadata about records is kept and how
- what information is required to adequately explain what records are being destroyed and when (e.g. timesheets 2001-2004 or External relations–Complaints–Complaint from [name] [date] regard [incident].)
- the level of risk (e.g. high-risk vs low-risk records, risks level of activity documented)
- why the records are being destroyed (e.g. routine disposal, bulk sentencing and disposal project, decommissioning a system, digitisation)
- current projects or circumstances
- the significance and type of records.
Resources and tools
To record destruction, update your agency's recordkeeping solution or adapt our templates.