What is destruction?

Destruction renders records unreadable and irretrievable.

Public records can only be destroyed or otherwise disposed of in accordance with Standards issued under section 12 of Public Records Act 1973 (the Act).


In line with Public Record Office Victoria (PROV) Standards, destruction of records should meet the following principles:

Destruction principles

There are multiple ways records can be legally destroyed:

  • In accordance with the principle of Normal Administrative Practice (NAP). Records which can be destroyed under NAP include working documents of rough notes and calculations; drafts not intended for retention, of which the content has been reproduced and incorporated in the agency’s recordkeeping system; and additional copies of documents, emails and publications, maintained for reference.
  • Under a Retention and Disposal Authority (RDA). RDAs specify minimum retention periods for classes of records and authorise destruction of time-expired records.

  • Under a specific authorisation to destroy records not covered by either of the above. This is in the form of a Single Instance Disposal Authority (SIDA). These are usually used for records of functions/activities no longer performed by an agency; or records inherited by an agency resulting from machinery of government (MoG) changes.


Destruction will minimise storage costs and administrative overheads, comply with privacy requirements, and reduce the risk associated with inappropriate information release.

RDAs are the legal instruments which provide disposal authorisation upon which a government agency can act. In addition, internal authorisation should be obtained prior to destruction to ensure the government agency has no further business or legal need for the records.

Under Section 19 of the Act, it is an offence to unlawfully destroy a public record (except where done in accordance with standards established under section 12 of the Act.)


Agencies must also ensure that destruction does not breach any other legislative requirements. For instance, it is an offence under section 254 of the Crimes Act 1958 for a person to destroy a document that is, or is reasonably likely to be, required in evidence in a legal proceeding, with the intention of preventing the document from being used in evidence in a legal proceeding.

Records should not be destroyed which are subject to a current Freedom of Information (FOI) request, until all avenues of appeal have been met.

Destruction should be:

  • securely performed by an officer of the agency, or by an authorised officer where services have been outsourced
  • irreversible, meaning there is no reasonable disk of the information ever being recovered.


Extra care should be given to records containing sensitive information, which can be categorised as:

  • personal and private information (e.g. patient health records, employment records)
  • financially or commercially sensitive information (e.g. tender documentation)
  • riminal or civil investigations (e.g. fraud investigation records)
  • information posing a security risk (e.g. security procedures).

See Commissioner for Privacy and Data Protection for further information about privacy and security requirements.

Proof of destruction must be documented, regardless of the format of destruction, to ascertain whether destruction has taken place, and may be required in litigation proceedings, in response to FOI requests, or as requested from PROV.

A destruction register should be kept, linking individual records to be destroyed with consignments sent for destruction. The destruction register should note: Title and unique identifier of record; relevant RDA and class; date of destruction; individual authorising destruction and their position in the agency.

A certificate of destruction should be generated when records are destroyed, and should be placed on file with any other destruction documentation. It should note: description of records; date of destruction; method of destruction; individual performing/supervising destruction.


The health and safety of the person/s undertaking destruction should not be compromised when records are being destroyed.


All records should be destroyed in an environmentally friendly manner, including being recycled, where possible. Specialist advice can be sought from organisations such as the Environmental Protection Authority (EPA).

Methods of destruction

Due to the complex nature of electronic record destruction, agencies are recommended to seek advice from PROV if they need to destroy media which does not fall into one of the following categories:

  • Magnetic Media. Records, such as tape and floppy disks, can be bulk erased by subjecting them to a strong magnetic field; degaussing units are available for this purpose. However, if magnetic media contains sensitive information, it should be physically destroyed by shredding, corrosion or melting. Deletion is insufficient as it does not remove data.
  • Optical Media. Records, such as those held on CDs and DVDs, should be physically destroyed by cutting or crushing.
  • Hard Drives. Including hard drives in personal computers, servers, mobile devices and USB flash drives/external portable hard drives, these formats should be degaussed and reformatted when they are decommissioned. If computers and servers are to be reused, they should be degaussed and reformatted. However, if servers and hard drives contain sensitive information are decommissioned, they should be physically destroyed by shredding, corrosion or melting.


  • Business Systems. Records should be destroyed using the functions of the system where possible, in order to maintain system integrity. Deletion is practical but only appropriate where the system is in active use. If the system is not in active use, or contains highly sensitive information, records should be overwritten rather than just deleted, to prevent them from being recovered. A record of destruction or audit log should be retained.
  • Electronic Document and Records Management Systems (EDRMS). An EDRMS should ensure that when a record marked for destruction is destroyed, all versions and renditions are destroyed. Where the same record appears in more than one file, the record and its renditions should be removed from the file when it is destroyed but should not be finally deleted until all occurrences of the record have been destroyed. Retention of record metadata will ensure the agency is aware of the records it has held and the dates they were destroyed or disposed of.
  • Back-up Systems. If a record has been destroyed, copies held in back-up systems also need to be destroyed. If it is impractical to destroy specific records within the back-up system, then it is possible to wait until the back-up media has been recycled; however, back-up cycle times should be taken into consideration. If the cycle time is too long, records in the back-up system should be overwritten. The acceptable time period may be determined by conducting a risk assessment.


  • Shredding & Pulping. To ensure security, shredded paper should be pulped, as modern technology allows reconstruction of shredded paper.
  • Pulping. This reduces paper to its constituent fibres, and is very secure if performed correctly. Pulped paper should be recycled.

Video, cinematographic and microforms (including microfilm, microfiche, aperture cards and x-rays) can be destroyed by shredding, cutting, crushing or chemical recycling.

Destruction checklist

PROV has created a checklist of actions agencies should perform before and after destruction. 

View the checklist here.


Inappropriate methods of destruction

  • Deletion. Deleting electronic records from mediums such as hard drives and USB devices does not permanently erase them, allowing for potential future restoration.
  • Dumping. Security can easily be compromised.
  • Burying. Security cannot be assured.
  • Burning. This cause unnecessary environmental pollution.


Using a contractor to destroy records

Privacy and security

While government agencies may engage contractors to destroy records, it remains the responsibility of the of the government agency to ensure the destruction is performed appropriately.

All contracts related to the handing of public records must contain a clause, as described in section 17 (2) of the Privacy and Data Protection Act 2014, through which information privacy is  transferred from the agency to the contractor.

See Commissioner for Privacy and Data Protection (CPDP) for further information about destruction of high security documents.



When transporting records, by either the agency or the contractor, a closed truck should be used where possible. Otherwise, a records should be secured by a cover.

Sensitive records should be transported in a closed and lockable vehicle, with the locks engaged.