Secure destruction procedure

Intent

To establish sound and consistent processes with respect to the retention and destruction of RMIT records, information and documents (regardless of format), in accordance with statutory recordkeeping standards.

Scope

All records outlined for destruction, as confirmed by the Records retention and disposal procedure, must be destroyed in accordance with this procedure.

RMIT must ensure that RMIT records managed by the RMIT Group, offshore partners, outsourced operations and/or contractors are managed in accordance with this policy.

Exclusions

Nil.

Procedure

1. Secure Destruction Bins – Normal Administrative Practice

All work units dealing with sensitive information should have locked confidential destruction bins (for sensitive material) and paper recycle bins (for non-sensitive material). Sensitivity of records can be determined using the Records security classification procedure. Care should be taken to ensure secure destruction bins are used appropriately.

To minimise the risk of illegal exposure or destruction of documents, the following rules apply:

  • Secure destruction bins should never be left in public areas unattended.
  • Secure destruction bins should not be left unlocked unless supervised.
  • Shredder waste should be placed in secure destruction bins.
  • Access to secure bin keys should only be provided to staff who would normally have access to the types of records being placed in the bins.
  • Bins should never be used for destruction of registered files (e.g. TRIM files) unless authorised.
  • General paper for recycling should be placed in recycle bins (this should not include any original documents or sensitive material).
  • Duplicate copies and minor drafts and other types of ephemeral records can generally be safely placed in the secure destruction bins. The destruction of such records does not need to be documented. See the Retention and Disposal Procedure for further advice on ‘Normal Administrative Practice’.

2. Appropriate methods of destruction for authorised activity

Refer to the Records retention and disposal procedure to ensure that all required steps have been taken before destruction. Destruction must first be authorised by the University Secretariat.

When destroying RMIT records, hiring of contractors is preferred (see Section 3 below), but alternative arrangements can be made with the University Secretariat for smaller jobs. Destruction in both cases must be:

i. Secure

  • RMIT records must always be destroyed securely.
  • If the records are of a sensitive nature, on-site and supervised destruction is advised. If transported to a destruction facility, they must only be transported in a closed and lockable vehicle. If not practicable, the records should be secured by a cover.

ii. Irreversible

  • Destruction of records should be irreversible. This means that there is no reasonable risk of the information ever being recovered.

iii. Safe

  • Methods of destruction should always take into consideration the health and safety of the persons undertaking the destruction. If you are unsure whether OHS is being adequately covered please contact your OHS Advisor for further advice.

iv. Environmentally friendly

  • All records should be destroyed in an environmentally friendly manner wherever possible and practicable.

v. Recorded and certified

  • A certificate of destruction will be generated when records are destroyed.
  • A University register of destruction is maintained by the RMIT Archives.
  • A certificate of destruction is placed on a registered file, either by the liaising officer or forwarded to the RMIT Archives, together with any other destruction documentation.

vi. Appropriate to format

Strict standards apply to appropriate destruction of records. Liaison with the University Secretariat during records destruction is essential to meet legislative requirements. Required standards include (but are not limited to):

a) Paper

Should undergo both shredding and pulping.

b) Magnetic media such as tapes and floppy disks

Can be bulk erased by degaussing. Magnetic media can then be reformatted and reused. If media contains sensitive information it should be physically destroyed by shredding, corrosion or melting.

c) Optical media such as CDs and DVDs

Should be physically destroyed by cutting or crushing.

d) Hard drives such as those in personal computers, servers, mobile devices and USB sticks

If computers and servers are to be reused, they should be degaussed and reformatted.

When servers and hard drives containing sensitive information are decommissioned, they should be physically destroyed by shredding, corrosion or melting.

e) Film and microform such as video, cinematographic, microfiche, aperture cards and x-rays

Should be destroyed by shredding, cutting, crushing or chemical recycling.

f) Electronic systems such as business systems and electronic document management systems

Records in business systems should be destroyed using the functions of the system where possible, to maintain system integrity. Deletion is a practical method of destruction within such systems, but is only appropriate where the system is in active use. This is because the creation of new records should ensure that deleted ones are overwritten within a reasonable timeframe. If the system is not in active use, or contains highly sensitive information, the records should be overwritten rather than just deleted to prevent them from being recovered.

A record of destruction within business systems must be maintained. If the system doesn’t automatically record the destruction of records, external tools such as audit logs may be used.

3. Using a contractor to destroy records

Contractors may be engaged to destroy records. It remains the responsibility of the University, however, to ensure that destruction is performed appropriately. Contractors must perform destruction in accordance with Section 2 above. Compliance is proved via the certificate of destruction. It is recommended that these obligations are contractually stated.

Contracts with suitable contractors must be developed in accordance with the University’s Contract Management Policy and Contract Management Procedure.

All contracts relating to the handling of university or public records must contain a clause, as described in s.17 (2) of the Information Privacy Act 2000 and the University’s Contract Management Procedure, through which information privacy is transferred from the agency to the contractor.

Advice from the RMIT Privacy Officer or Legal Services can be obtained in relation to suitable contract clauses.

If a suitable clause is not included in the contract, and the contractor breaches privacy law by mishandling personal information, the University as well as the contractor will be held responsible under the privacy legislation.
