In preparation for the introduction of the consumer data right in Australia, I’m reading a lot of overseas privacy news.
I’ve seen many fines associated with the failure to have a destruction plan in place.
I’m wondering if it might bring any of the practices that we have adopted for convenience and simplicity under scrutiny.
Specifically, the practice of sentencing records as a group to the longest period that applies to the grouping.
The practice has been a godsend for many organisations.
It has made greatly simplified classification schemes achievable.
This has made accurate classification achievable for users with far less skill and training.
In general, this seems to have made records programs more likely to deliver good outcomes.
We’re more likely to get records in a records system, more likely to have them accurately classified, and then more likely to be able to destroy them with confidence.
One outcome of privacy law though, is to essentially flip the requirement from mandatory retention, to mandatory destruction.
Which makes me wonder if the practice will still be acceptable.