Model records management plan guidance

Home
Records and archives
Model records management plan guidance

Share this page

Click here to share this page on Facebook. Click here to share this page on LinkedIn. Click here to share this page on X (formerly known as Twitter).

Element 6 - Destruction arrangements

Records are destroyed in a timely and appropriate manner and records of their destruction are maintained.

In line with the Keeper of the Records of Scotland’s (The Keeper’s) obligations under the Public Records (Scotland) Act 2011 (the Act), the following guidance is issued regarding an authority’s destruction arrangements:

It is vital that an authority’s records management plan (RMP), submitted for agreement with the Keeper, confirms that the authority has developed, or is in the process of developing, proper destruction arrangements. Public records should be destroyed as part of a controlled, secure and irretrievable process.

Please note that the Keeper does not require authorities to provide a list of the records destroyed. However, the RMP should explain the destruction process in place, including all formats, and evidence that this process is properly carried out. The destruction process is likely to vary depending on the format in which the record is held.

For digital records, the Keeper will want to see evidence that appropriate processes are in place to delete records at the end of their retention period (see Element 5). With some systems this happens automatically; in other cases the information asset owner will be prompted to do this ‘manually’. The Keeper will want to see that adequate guidance is provided to asset owners, and others with this responsibility, to ensure that destruction is carried out correctly.
Using a commercial disposal firm for the disposal of hard-copy records is recommended because their practices will be controlled, audited, and fully compliant with current environmental regulations (their business can only exist if they are). They may be able to issue a certificate of destruction, which should be maintained with the disposal schedule as proof that the record has been destroyed. In the context of both Data Protection and Freedom of Information legislation, these sorts of procedures are the clear proof of controlled destruction of information. This is what the Information Commissioner would be looking for in any disputed request that the authority was unable to answer.
As well as digital and hard-copy records, the Keeper will also need to be reassured that the authority understands the destruction of records held in back-up systems. Most authorities, quite correctly, keep back-ups of their records for business continuity purposes (see Element 10). The Keeper will ask how long after deletion could a record be restored using back-up processes. There is not necessarily a right or wrong answer to this, but the Keeper must be satisfied that the authority understands their situation.

Finally, the Keeper requires an authority to explain the processes for the secure destruction of records that are held on IT hardware once that hardware is deemed to be redundant. For example, if an authority recycles its laptops, what processes are in place to ensure all records are thoroughly purged from the hard drive? If hardware is destroyed by a third-party technical provider (as is often the case), what stipulations appear in the service agreement relating to the deletion of information? Have these clauses been approved by the authority’s information security team or SIRO?

It is considered important that a list of records that have been destroyed is retained, probably permanently, to show the types of record an authority has previously created, and to confidently respond to requests to access information that has been properly destroyed or deleted.

It is also important that when a record is destroyed, it cannot easily be recovered. The United Nations Archives and Records Management Section advises as follows:

Destruction of records should be irreversible. This means that there is no reasonable risk of the information being recovered again. Failure to ensure the total destruction of records may lead to the unauthorised release of sensitive information.
https://archives.un.org/

Evidence

Potential evidence of compliance would include a copy of the contract with a record destruction contractor (redacted for commercial-in-confidence purposes if necessary), or the authority’s formal destruction policy approved by the senior accountable officer. A retention schedule alone would not be considered evidence that record destruction is actually taking place in an authority.

As well as destruction certificates and contracts demonstrating that an external service provider is in place, the Keeper would expect to see staff guidance on the authority’s destruction procedure. This might include instructions on how to delete records from an electronic records management system or network drive at the end of its retention period.

The Keeper can accept a statement from an authority regarding the availability of back-up copies. In the case that a continuity back-up service is provided by a third party, the Keeper would expect to see details around record recovery periods as part of a service agreement or similar.

Sample Documents Showing Destruction Arrangements

The following sample destruction documentation might give you an idea what information such documents might include, and how they might be styled. Any samples provided should not be taken to represent the current procedures operational in the authority that provided the sample; they are for ‘inspiration’ only.

Sample instructions for staff, used to ensure that disposal procedures are correctly implemented (East Ayrshire Council and the National Library of Scotland)

File 01 - East Ayrshire Council

File 02 - National Library of Scotland

The Keeper will be interested to see that authorities properly consider the destruction of public records created on ancillary systems, such as e-mail

File 03 - Scottish Government

The Keeper will be interested to see that authorities properly consider the eventual destruction of public records held in back-up systems for business continuity purposes

File 04 - Scottish Government

The Keeper will be interested to see that authorities properly consider the secure destruction of public records that are held on IT hardware once that hardware is deemed to be redundant.

File 05 - Audit Scotland IT disposal

Finally examples of staff guidance around specific destructions issues where records may be destroyed outwith the authority’s retention schedule

File 06 - Scottish Funding Council - deleting records before retention deadline

File 07 - Scottish Funding Council - what records we can routinely destroy

Was this page helpful? *

Yes

Yes, but

Your comments