Go to top of page

Understand your legislative obligations

1. Public Records Act 2002

The Public Records Act 2002 governs recordkeeping for all Queensland public authorities.

It includes specific recordkeeping requirements that all agencies must comply with–what records need to be kept, by who, and why.

These requirements need to be included in your recordkeeping plan so that you meet your obligations under the Act.

Section 6: What is a public record

A public record is a record created, received or kept by a Queensland public authority in the course of their statutory, administrative or other public responsibilities.

Ministerial records are also public records. These include records created or received by the Minister in the course of carrying out their Ministerial portfolio responsibilities. A Ministerial record does not include records related to personal or party-political activities or records held in the Minister’s capacity as a member of the Legislative Assembly.

Some records have short-term or transitory value and can be destroyed as soon as you have no business use for them.

Some records need to be kept temporarily–anywhere from 2 to 100 years (or more).

Some records have a permanent value to the state and will come to Queensland State Archives (QSA) once their business use ceases. QSA keeps these records and enables the public to access them once any restricted access period has expired.

Section 7: Making and keeping of public records

You must make sure you’ve created and captured full and accurate records of your business.

Records must be kept safe and secure until you’re legally able to destroy or transfer them to QSA.

You must also have regard to any relevant policy, standards and guidelines made by the State Archivist about the making and keeping of public records. This includes Information standard 40: Recordkeeping (IS40) and Information standard 31: Retention and disposal of public records (IS31).

Section 8: Custody and preservation of public records

This section applies to agency responsibilities for records within their custody, possession and/or control (e.g. physically in your offices, off-site).

You must make sure that the records you have in your custody and/or under your control are stored appropriately with preservation measures applied so that they stay accessible and usable.

Records in your control will include:

  • any that you’ve created or received in the course of your normal business
  • any records inherited or transferred to you as part of a machinery-of-government change or as specified in legislation
  • any records created or received on your behalf (e.g. when outsourcing functions).

If your agency is subject to a machinery-of-government (MOG) change, you need to establish responsibilities for transferring or receiving records.

Machinery-of-government changes may make it necessary for relevant and responsible public authorities to be assigned though a regulation.

See also Information asset custodianship (IS44).

Section 9: Ownership of public records

Public records are owned by the State of Queensland or the relevant local government.

Section 13: Disposal of public records

You cannot destroy records without authorisation from the State Archivist.

Authorisation is usually provided in a retention and disposal schedule.

You need to get sign-off from your CEO (or authorised delegate) and document the destruction of your records.

In some cases, records may be authorised using another piece of legislation or a legal authority. Always check with QSA before you consider any destruction in this situation.

Sections 8 and 15: Responsible and relevant public authority

These sections deal with agency responsibilities for the custody of records in their possession and access to records held by QSA.

A relevant public authority is an agency with responsibility for, and control of, records previously created by an agency that no longer exists. Responsibility for the records must have been assigned by a regulation under the Public Records Act 2002. The records must relate to a function that is no longer performed by government and must not be in the custody of QSA.

The relevant public authority takes on all the recordkeeping responsibilities for managing and preserving the inherited records.

A responsible public authority is an agency with responsibility for setting and amending restricted access periods and making decisions about providing access to records held in the custody of QSA.

A relevant public authority may become a responsible public authority if the records involved in a MOG change are already in QSA’s custody or are later transferred to QSA.

A relevant or responsible public authority will need to be assigned under a regulation if both of these conditions are met:

  • the functions involved are not being continued by the government
  • a responsible agency has not been identified by legislation.

When a responsible or relevant public authority needs to be assigned by a regulation under the Act, it is usually under s15 or s8.

Section 16, 18 & 19: Restricted Access Periods (RAPs)

Sections 16 to 20 of the Act deal with access to records and restricting access for a certain amount of time.

Find out about Restricted Access Periods (RAPs).

Section 16 of the Act sets out the maximum RAPs that can be applied and to which types of records. Use this to determine a RAP when you transfer records to QSA.

Under section 18, you need a regulation to restrict access to records for more than 100 years, or for privacy, security or preservation reasons.

Section 19 sets out when and how a RAP can be changed by the responsible public authority (e.g. legislative or regulatory change, passage of time provides a different perspective on the sensitivity of information).

Sections 17, 18 and 20: Access to records

If a record’s RAP has ended, then we must allow public access to that record.

Access to any record can be denied by the State Archivist for various reasons (e.g. a record in a poor state of repair may be damaged further). Section 18 details those reasons.

If a record is still under a RAP, access to that record can be granted with specific authorisation from the responsible public authority or by application under the Right to Information Act 2009.

Section 26: Authorisation to dispose of records

Under section 26, the State Archivist may authorise the disposal of public records or classes of public records, usually upon application by, or with consent from, the public authority that controls those records.

Authorisation to dispose of public records is usually granted through an approved retention and disposal schedule.

Schedule 2: Definition of a public authority

All public authorities are obliged to follow the Public Records Act 2002 when managing their records.

A public authority is a government agency or organisation defined as a public authority under Schedule 2 of the Public Records Act 2002. This includes:

  • Ministers and Assistant Ministers
  • Departments
  • the Governor
  • the Executive Council
  • organisations created by the Governor, a Minister or through legislation
  • commissions of inquiry
  • government owned corporations
  • entities established by the State and a local government
  • officers of the court
  • a rail government entity under the Transport Infrastructure Act 1994
  • local governments.

2. Information standards

There are a number of standards designed to help you meet your recordkeeping requirements.

Standards issued by QSA

Information Standard 40: Recordkeeping (IS40) breaks down the general recordkeeping requirements of the Act into 7 principles.

Information Standard 31: Retention and disposal of public records (IS31) focuses on the retention and disposal requirements of the Act.

Standards to assist the management of records and information

Information Standard 18: Information security (IS18) aims to help agencies implement a consistent approach to information security and the protection of information assets.

Information Standard 34: Metadata (IS34) provides the minimum requirements for managing metadata of government information and information assets.

3. Other legislative requirements and obligations

Other legislative requirements include any legislation and related regulations applicable to all public authorities (e.g. Information Privacy Act 2009, Right to Information Act 2009).

You can find out what legislation applies to your agency in the Queensland Arrangements Administrative Order, your annual report and other publications, internal documents and talking to other employees.

See also legislation for the public service.

We recommend that you find and read all relevant legislation to understand your obligations and how they impact your recordkeeping.

Consider any other standards or policies that may apply to your agency, e.g. QGEA policies, standards and guidelines.

4. Determine legislative requirements and obligations

You will need to identify the legislative requirements you must meet, including requirements in the Public Records Act 2002.

Find out your requirements and obligations under the Public Records Act 2002.

Other legislation

Most recordkeeping requirements are not written explicitly in legislation. The following keywords and phrases may help you find requirements:

  • ‘There shall be a register of licences’ means that the register is a record and must be captured
  • ‘The form must include the applicant’s name and date of birth’ means that specific information must be captured
  • ‘Applications must be lodged using an official form’ means that the record must be created in a specific format
  • ‘The Registrar must keep all approved applications for a period of seven years from the date of their lodgement’ means that the record must be kept for a certain amount of time
  • ‘The Registrar must destroy all unsuccessful applications one year after the date of their lodgement’ means that the record must be destroyed after a certain amount of time
  • ‘The register must be open for inspection by the public’ means that access must be provided to the record
  • ‘Applications must be stored in such a way as to keep their contents private’ means that access to the record is restricted

See also a list of keywords that may indicate recordkeeping requirements.