Some activities and record types have additional considerations and recordkeeping requirements.
Find out how to manage these records.
Table of contents
You need to consider information privacy when managing your records, especially those that contain information about people.
You will need to make sure that appropriate access restrictions and permissions are applied to records that contain sensitive or personal information.
Draft documents are public records. How long you need to keep them will depend on the significance of the final document and the changes the draft shows.
What drafts to keep
Drafts may need to be captured and kept if they:
- contains decisions, comments, feedback, annotations, requests, actions or any other kind of significant information that is not captured elsewhere and provides context to the development process or the final version
- helps with internal processes (e.g. so that a workflow approval can be initiated, or to show that a certain step in a process has been completed).
Some drafts need to be kept for a specified period of time (e.g. draft submissions and legislation). Check your retention and disposal schedule to find out how long you need to keep drafts.
When to destroy drafts
The General Retention and Disposal Schedule contains a record class for drafts.
Drafts that do not need to be kept can normally be disposed of under this record class when business use ceases so long as they meet the specific criteria listed.
Find out more about disposal of transitory records.
All documents created by Queensland Government are public records, including copies.
Copies are records that are the same as an original/official public record. No information has been added, annotated, changed or deleted on the copy.
What copies to keep
A copy becomes a new record, and will need to be captured, when they:
- have been modified in any way
- have become your official record of a business activity
- have been given to you by another agency (e.g. as part of a MOG or administrative change, if you need access to these records, or a copy needs to be filed with your agency) and it becomes the official public record for your agency.
These copies need to be kept as an official record and sentenced based on the function or activity they relate to.
If copies are in the custody of a private entity (e.g. as part of an outsourcing or privatisation), they will need to be managed accordingly. See our advice on outsourcing, privatisation and providing access to records during a machinery of government change.
When to destroy copies
The transitory and short-term records section in the GRDS includes disposal authorisation for copies of public records. This disposal authorisation (1271) covers working copies of records used for reference purposes.
Some copies of records are excluded from this class, and cannot be disposed of when business action is completed. See the GRDS for the list of exclusions.
Find out more about disposal of transitory records.
Electronic or digital signatures are a method of authenticating a person as the source of a digital message and indicates their approval of the information contained in the message.
Digital signatures include:
- digitised signatures—a scanned handwritten signature inserted as an image; use of signature blocks (e.g. on emails)
- online forms—Adobe forms; workflow approvals in applications (e.g. timesheets)
- touch screens—signature on a touch screen using a stylus (e.g. Australia Post courier delivery)
- digital signatures—use of digital code and encryption technology to verify the contents of an digital document.
The Electronic Transactions (Queensland) Act 2001 provides for the use of digital signatures, as long as they meet 3 criteria:
- the signature identifies a person and indicates their intention (e.g. providing approval via an email)
- the signature is appropriate (reliable) for its purpose (noting that digital signatures offer greater security than digitised signatures)
- the person receiving the document consents to receiving a signature in electronic form.
Schedule 1 of the Act outlines exclusions regarding the use of digital signatures.
Implementing digital signatures
Your business may be subject to legislative provisions that require your records to be in a particular format.
In the absence of any specific legislative requirement, you should use a risk-based approach to deciding whether a digital or physical (wet) signature should be used.
If you are implementing digital signatures, you should:
- perform (and document) a risk assessment for the use of digital signatures—some records may require more robust forms of identification/authorisation than others (e.g. contractual documents over a certain value)
- undertake an environmental scan for business requirements or other legal or policy obligations that may require ‘wet’ signatures
- develop and document processes and/or any policies and related responsibilities regarding the use of digital signatures
- ensure any newly developed processes are understood so they can be implemented as standard business practice (for defensibility)
- ensure appropriate security measures are in place to prevent any unauthorised use of digital signatures
- appropriately manage the document to which the signature has been added as a record, to ensure it maintains its complete and reliable characteristics throughout its life.
The Queensland Law Society article Electronic signatures: When are they effective? (210 KB) provides more detail about the relationship between electronic/digital signatures and legislative framework for electronic communications.
See also the Queensland Audit Office’s article on how to electronically approve documents and expenditure for an overview of their legal requirements, and their internal process when signing their independent auditor’s opinions electronically.
Credit cards and associated data have their own set of recordkeeping requirements.
The Payment Card Industry Data Security Standard (PCI DSS) applies to all entities involved in payment card processing.
It contains specific mandatory requirements regarding the storage and disposal of credit card details.
- Sensitive authentication data (3 digit numbers on the back cards) should never be stored—this information must be destroyed immediately after the transaction has been authorised.
- Primary Account Number (PAN) (the card number) needs to be rendered unreadable when it is stored.
Destruction of credit card data
The General Retention and Disposal Schedule includes 2 record classes authorising the destruction of both cardholder and sensitive authentication data in accordance with the standard.
Consider your recordkeeping process for payments to ensure that cardholder data can be destroyed immediately or as soon as business use has ceased and that other required information can be stored for the required retention period.
What information can be kept?
Under the PCI DSS, the primary account number and any other credit card information must only be kept if there is a valid legal, business or regulatory need for that data.
If you do need to keep any information for a certain period of time after the card transaction has occurred, you must ensure that the cardholder data is stored or redacted in some way.
You will need to ensure that your system can meet the requirements in the standard. If you can’t, this information cannot be stored.
Include the capture and management of credit card data into your agency’s recordkeeping procedures, or include recordkeeping requirements in procedures for taking payments.
See the blog post a change is on the cards for more information on sentencing credit card data.
The diaries of local government mayors and councillors are public records and need to be managed as such.
The Local Government Sector Retention and Disposal Schedule covers records created, received or kept by Mayors and Councillors in their official capacity, including official work diaries.
Find out what diaries to keep.
Personal emails and information relating to political parties generated by Mayors and Councillors when they are not acting in their official capacity are not public records.
The responsibility for running local government elections resides with the Queensland Electoral Commission.
Although election records can be sentenced under section 13.8 of the Local Government Sector Retention and Disposal Schedule, we recommend local governments also consult with the Electoral Commission about the retaining and disposing of these records.
If your agency has contact with lobbyists, you must capture and manage records relating to that contact.
The Integrity Act 2009 governs the contact between lobbyists and the government including opposition representatives.
The Queensland Integrity Commissioner maintains the Register of Lobbyists which is required under s.68 of the Act.
See also the Crime and Corruption Commission's Lobbying (corruption prevention advisory).
Contact with a lobbyist
Contact with lobbyists includes telephone calls, emails, written mail and face-to-face meetings. Contact may also be through social media and other online channels.
It’s important that you capture the decisions and actions from these interactions with lobbyists to show there was no undue influence in providing an accountable and transparent government.
Ensure you record any contact with lobbyists on your agency’s register of contact with lobbyists by providing the:
- date of the meeting
- title(s) and name(s) of government representatives
- name of the lobbyist entity
- name of the client
- purpose of the meeting.
How long to keep records of contact with lobbyists
Any records that you create can be sentenced under the General Retention and Disposal Schedule.
If you have contact with entities that are not considered lobbyists, these records can be sentenced according to the business activity they relate to.
Your agency is responsible for the ongoing management of legacy records created by your agency or inherited from another agency as part of a machinery-of-government change (MOG) or administrative change.
Legacy records must be kept, managed and remain accessible for their full retention period.
Close legacy records when the function they relate to ceases. You should also update metadata to document that the function has ceased and that no new records will be created.
If you have inherited legacy records from an agency that has closed, consider how they will be managed. You may need to decide if it is easier to manage them separately or if they should be integrated into your current recordkeeping system.
If you integrate legacy records into your recordkeeping system, you will need to update existing tools, procedures, policies and business systems to include them.
You will also need to update metadata to document the records’ history.
Find out more about documenting a MOG or administrative change, and recordkeeping activities and event history metadata.
Sentencing and disposing of legacy records
Legacy records should be sentenced under a current retention and disposal schedule. If there isn’t a schedule you can use to sentence the records, they can't be destroyed. These records will must be kept and preserved until disposal authorisation is given.
Find out about disposal authorisation and how to develop or review a retention and disposal schedule.
If you are sentencing a large number of legacy records, find out how to sentence them in bulk
If necessary, legacy records can be stored or sent to secondary or offsite storage until they can be disposed of.
You may need to review your core retention and disposal schedule if the legacy records are not covered.
Right to information requests
Any records which are subject to a request for access under the Right to Information Act 2009, the Information Privacy Act 2009 or any other relevant Act must not be destroyed until the action, and any applicable appeal period, has been completed.
See also the Office of the Information Commissioner's advice on Documents of an agency and documents of a Minister.
A duty of care exists for agencies to ensure records that may foreseeably be needed as evidence in a judicial proceeding, including any legal action or a Commission of Inquiry, are not disposed of.
The destruction of evidence is an offence under the Criminal Code Act 1899 (s.129)—‘for a person, who knowing something is or may be needed in evidence in a judicial proceeding, damages it with intent to stop it being used in evidence’.
Internal processes should be implemented to meet this obligation. You may need to consult with your legal or Right to Information area.
If it is reasonably expected that a judicial proceeding may occur or if your legal team requests it, an internal disposal freeze can be issued for certain records. This will help to prevent them from accidentally being destroyed. For example, you could expect that you will need to retain property files that refer to the use of asbestos in buildings.
Note: A preference for paper or electronic forms of evidence may apply. This will depend on the rules and procedures under which the relevant judicial or review body operates.
If your agency has operations in other States or overseas, ensure your risk assessment considers the applicable evidence laws in these jurisdictions.
Once legal proceedings have finished, consider the potential future legal need for the records (e.g. for an appeal).
Records do not need to be resentenced once legal proceedings have finished and disposal freezes have lifted; however, they may need to be reassessed and resentenced based on their disposal trigger and the significance of the records (if it has changed).
Records will need to be kept for longer than the current retention period if there is a likelihood they will be required again.
Before destroying records, ensure that there is no further business or legal requirements for retaining them.
Backups of entire systems and information in case of failure are usually done for disaster recovery or business continuity purposes.
Your agency IT team will create and manage backups. You may need to ensure that:
- backups can be used to restore some or all records
- individual records can be extracted
- backups are managed appropriately, kept for as long as necessary and destroyed correctly.
You may need to consider:
- the backup cycle (e.g. daily, weekly or monthly)
- whether backups are incremental, full or a combination of both depending on when it’s done
- how critical the information being backed up is and how often it is changed in the application
- how often backups are tested to ensure that the system can be recovered from the backups
- how long backups are kept—they can be destroyed after business action completed under the General Retention and Disposal Schedule, however, you and your agency’s IT team will need to decide when that is
- whether your IT team knows how to extract individual records from the backup.
It may be necessary to have multiple backups in multiple locations. While this can make it difficult to destroy data, it may be necessary if a location or backup fails.
Why backups are not a recordkeeping system
Backups are not recordkeeping systems and should only be used for business continuity and disaster preparedness purposes. This is because they:
- save all your data as one collection of information or as an entire system—this makes it difficult to find information and manage retention periods
- are usually unable to ensure records remain accessible, usable and preserved for the entire time you need to keep the records
- don’t usually keep or maintain any of the metadata associated with the records
- use proprietary storage software meaning you need to pay to maintain access to your backups
- increase the risks to your records and information the longer you keep them, particularly if vendors change or go out of business
- are at risk of technological obsolescence if they rely on specific software or hardware.
Find out more about what to do with backups.
Information Standard 18: Information security (IS18) includes information on backup requirements and the appropriate disposal of media.
Shared service providers are a form of outsourcing, although usually the provider is another government agency rather than a private entity.
Find out about outsourcing a function or activity.
Custody, ownership and responsibility for records
During any shared service arrangement, the shared service provider will create, receive and manage public records on your agency’s behalf.
Your agency is responsible for these records and ensuring you continue to meet your recordkeeping obligations. The status of records during outsourcing cheat sheet outlines which agency is responsible for which records.
Find out more about custody, ownership and responsibility for records.
There are specific recordkeeping considerations when using a shared service provider. You need to make sure:
- both your agency and the service provider are clear on who is responsible for which records, including endorsing the transfer or disposal of records.
- the service provider creates and keeps complete and reliable records of the activities they perform on behalf of your agency
- the service provider is aware of their responsibilities to create and keep records documenting the function
- records are kept safe, preserved and returned to you at the end of the agreement unless lawfully destroyed
- everyone has access to the records that they need
- recordkeeping responsibilities and requirements associated with the function being outsourced can continue to be met (e.g. access restrictions, privacy, preservation)
Note: You can delegate responsibility to endorse the disposal or transfer of records to a position within the service provider.
Find out more about recordkeeping considerations and what to include in a shared service agreement.
Find out about the options to provide access to records when outsourcing.
Sentencing records created and managed by a shared service provider
The service provider does not need permission from QSA to use your agency’s core retention and disposal schedule for your core records.
Any records about the management of the service arrangement should also be sentenced against the most appropriate class in either your agency’s core retention and disposal schedule or the GRDS.
The shared service provider can sentence their core and administrative records against their agency core schedule or the GRDS as normal.
You can find more information about shared service providers under machinery-of-government and administrative changes.
This advice includes things to consider before entering into a shared service arrangement and recordkeeping requirements.
- About machinery-of-government and administrative changes
- Things to consider when outsourcing
- Custody, ownership and responsibility for records
- Identifying records involved when outsourcing
- Provide access to records when outsourcing
- Recordkeeping considerations for shared service arrangements and outsourcing agreements
- Prepare and transfer records to a shared service provider.
See also cloud services and storage.
Building information modelling (BIM) is the digital representation of physical and functional characteristics of a building, piece of physical infrastructure or environment. BIM graphical and non-graphical information are public records if they are created or received by a public authority in transaction of its business activities and processes.
From 1 July 2019, BIM is to be used when the design, delivery and asset management of all new major construction projects costed at $50 million or more commence a business case, and those involving significant alterations, extensions, renovations and repurposing of existing assets.
- provides advice for all Queensland public authorities on the management and disposal of BIM records
- provides specific advice to creators, users and managers of BIM records to ensure they remain accessible for the life of the infrastructure asset
- supports the Digital Enablement for Queensland Infrastructure–Principles for BIM implementation.
How long you keep BIM records will depend on their value. The common activities section of the General Retention and Disposal Schedule includes disposal authorisation for BIM records (2422 and 2421). The transitory and short-term records section also includes disposal authorisation for Routine computer operations (1270), which may include BIM records only required for a short period of time and do not have ongoing or enduring value. See the guideline and/or the record classes in the GRDS for full details and lists of example records and exclusions.
Transitory and short-term records, also known as ephemeral records, are created as part of routine transactional business practices and are not usually required for ongoing business.
These are records that may help an action or a process move forward, but don’t in themselves have any long-term value and are not needed to understand the business action or process. They are usually only required to be kept for a short period of time.
Examples include drafts not intended for further use or reference, copies of material retained for reference use only, working notes, call centre recordings, routine CCTV footage and credit card payment data.
Management of transitory and short-term records
Transitory records do not need to be formally captured into your agency’s recordkeeping system unless you have a specific requirement to do so.
Each agency should have procedures in place to assist with the management of transitory and short-term records. Identify:
- which records are transitory or short-term records
- which records need to be formally captured
- how they should be managed
- how long they should be kept.
Consider your legal, business and other requirements - these may affect what records can be considered transitory or short-term records, how they should be managed, and how long they need to be kept.
What transitory records to keep
Some transitory and short-term records may need to be captured and kept as official records.
Transitory and short-term records will need to be captured and kept if they:
- are required for ongoing business use
- are needed as evidence of business activities or used to inform decisions or actions–for example, surveillance footage required for an investigation, call centre recordings created as the official record of advice provided
- result in further action or service–for example, social media post that requires follow-up action.
See the exclusions in each record class for examples of the types of records that may need to be captured and kept.
Disposal authorisation for transitory and short-term records is given in the General Retention and Disposal Schedule (GRDS).
Record classes in the transitory and short-term section of the GRDS have a disposal action of ‘until business action completed’. It is up to your agency to determine when transitory or short-term records can be destroyed based on:
- your agency’s business requirements
- the level of risk acceptable to your agency
- the records created.
You can choose to implement a specific retention period for some most transitory records if necessary (e.g. 6 months for all draft publications).
Before you destroy
Before you destroy transitory and short-term records, make sure the records are not:
- required for judicial and litigation proceedings, Commissions of Inquiry, or legal action, whether or not the State is a party to that litigation
- covered by any other laws or policies requiring the records be retained, for example, a current disposal freeze or retained in accordance with the Evidence Act 1977 and the Criminal Code Act 1899
- needed for accountability purposes or to support the ongoing efficient administration of agency business
- linked to community expectations about rights and entitlements
- considered to have cultural or known historical value.
You must also ensure records being destroyed are covered by the classes in the GRDS and not listed in the specific exclusions provided in each record class.
Once business use has ceased, records identified as transitory and records with short term retention can be destroyed.
Documenting destruction of transitory records
You do not need to document the destruction of transitory records.
However, if transitory records have been captured into your agency’s recordkeeping system, their disposal must be documented and endorsed. You must keep this information as proof they were lawfully destroyed.
Transitory CCTV records and the disposal freeze for children’s records
The current disposal freeze for all records which are relevant to, or may become relevant to, an allegation of child sexual abuse covers all records relating to children.
For some agencies, this may include CCTV and other surveillance or monitoring footage captured on a routine basis (e.g. at train stations where children frequent).
Due to the significant cost and resource implications associated with retaining all CCTV recordings indefinitely, you can continue to keep and dispose of recordings generated from the use of CCTV cameras in line with your agency’s current documented procedures.
However, where an incident is identified or reported that may potentially fall within the scope of the disposal freeze, then the footage from these incidents will need to be retained until the disposal freeze is revoked.