Personal information is at risk when agencies do not have an effective disposal program in place and continue to hold public records for longer than the required minimum legal retention period.
Records can be in any format and include documents, databases, database entries, emails, messages, images, recordings etc. Public records are any records made or received by a public officer in the course of their duties.
Concerns about retaining personal information
Public offices may be concerned about retaining peoples' personal information for extended periods of time - in case they are not compliant with the Privacy and Data Protection Act 2014 (PDP Act) and due to the increased risk of data breaches where an office holds more information that it needs to conduct business.
This guidance sets out the legal requirements around retaining and disposing of personal information under the PDP Act and the Public Records Act 1973 (PR Act).