Australia's Record Keeping Requirements, Procedures And Policies
Do you know which documents to shred and which to keep?
Businesses in Australia must comply with many levels of legal requirements in order to operate, from protecting personal data – such as confidential client and employee details – to safeguarding sensitive company information and abiding by sector-specific regulations. Failure to comply at any level can impact business continuity, reputation and the bottom line, as well as incur severe punitive and criminal damages.
Shred-it understands the importance for businesses and organisations across all industry sectors to protect confidential information. We also recognise the significant challenge that many of them face in knowing how long documents should be kept before they need to be securely destroyed or de-identified.
A document retention policy is the best way to keep track of the various minimum legal requirements. It also ensures that confidential information is not kept for so long that it becomes a risk in the event of a security breach, or contravenes Australian Privacy Principle 11 (APP 11), which states that APP entities must take reasonable steps to destroy or de-identify personal data as soon as it is no longer required for its primary purpose.
The factors to consider include:
» Your type of business
» The categories of documents
» The minimum legal retention periods for each document type
» The document lifecycle from your business perspective
» The secure destruction process once the retention period is over
The Privacy Act allows for APP entities to de-identify personal information rather than destroy it. Even though this method can be effective in preventing re-identification of an individual, it may not remove that risk altogether. Making sure, however, that your documents are irreversibly destroyed will reduce this risk, especially in case of a security breach. You’ll also want a Certificate of Destruction to adequately document your compliance.
To help you create the right retention schedule for your business, here’s a list of documents that contain confidential information, along with the recommended retention period for each type in accordance with certain legal requirements.
These recommendations on document retention are general guidelines only. They are not intended to represent legal advice. Contact your legal expert(s), regulatory authority, government body or association to ensure you are following current legal requirements for your area.
The Privacy Act requires APP entities to destroy or de-identify personal information securely once that personal information is no longer required for its primary purpose. However, prior to any action, the organisation must also take into account the document retention periods of other applicable legislation, and their penalties for non-compliance. Here are some examples:
| COMPANY FILES | Minimum Retention Period |
| --- | --- |
| Accounting records detailing company transactions, including supporting documents | 7 years |
| Formal company documents: statutory books, board minutes, resolutions | Indefinitely |
| Other business registers | 5 years (min.) from date of last entry |

| PERSONNEL FILES | Minimum Retention Period |
| --- | --- |
| Payroll, wage and other employee records | Min 7 years from end of financial year |

| GST RECORDS | Minimum Retention Period |
| --- | --- |
| Details relating to: taxable supply, importation, creditable acquisition, creditable importation | 5 years following assessment period |

| CORPORATION TAX RECORDS | |
| --- | --- |
| Records of all: company assets (e.g. receipts, sales and purchases), company liabilities, income and expenses | 5 years (min.) from end of accounting period. Longer if returns are late |
About Shred-it
Shred-it specialises in providing a tailored document destruction service that allows businesses to comply with legislation and ensure that their client, employee and confidential business information is kept secure at all times. Shred-it provides the most secure and efficient confidential information destruction service in the industry.
For more information:
» Privacy Commissioner – oaic.gov.au
» Privacy Act – comlaw.gov.au
» Corporations Act 2001 – comlaw.gov.au
Does everyone in your organisation know which documents to shred and which should be kept – and for how long?
Without a document retention policy in place, Australian organisations of all sizes risk data loss, information security breaches and falling foul of data privacy legislation if confidential personal information is kept longer than necessary for the purpose it was collected.
Document retention considerations are key in ensuring the secure and efficient flow of information and for providing clear guidance on keeping records – in both hard and soft copy – within any business. In this document retention guide you’ll discover:
- Factors you need to consider when developing a document retention policy
- Retention guidelines for certain key types of document
- Secure destruction recommendations
- Useful further information sources