Will privacy law remove our ability to roll up retention periods and force classification and sentencing of every individual record?

Posted on by Karl Melrose

In preparation for the introduction of the consumer data right in Australia, I’m reading a lot of overseas privacy news.

I’ve seen many fines associated with the failure to have a destruction plan in place.

I’m wondering if it might bring any of the practices that we have adopted for convenience and simplicity under scrutiny.

Specifically, the practice of sentencing records as a group to the longest period that applies to the grouping.

The practice has been a godsend for many organisations. 

It has made greatly simplified classification schemes achievable.

This has made accurate classification achievable for users with far less skill and training.

In general, this seems to have made records programs more likely to deliver good outcomes.

We’re more likely to get records in a records system, more likely to have them accurately classified, and then more likely to be able to destroy them with confidence.

One outcome of privacy law though, is to essentially flip the requirement from mandatory retention, to mandatory destruction.

Which makes me wonder if the practice will still be acceptable.

2 thoughts on “Will privacy law remove our ability to roll up retention periods and force classification and sentencing of every individual record?”

  1. Hi Karl,

    I’m working in Belgium and can confirm your though about the évolution of our practice under the EU GDPR (privacy regulation).

    But I wouldn’t ne so sure to have better records in records system :

    – people are indeed now more focus on destruction than on retention and it may create several issue, since people are not always aware of retention obligation. They also don’t know the full process and therefore would like to erase records to early.
    – the EU régulation confirm the data era and reinforce the idea and organisation are facing dilemna since retention regulation are based on records and not on data. Also people doesn’t understand that records (even on paper) are in the scope.

    But Belgian’s organisations have usually a low maturity in information management / governance.

    Anyway I’m convince that privacy Law, such as GDPR, are a very good opprotunities to strenghten our position organisation and to enable better information management.

    Like

    1. Thanks for your comment F – and for confirming the point of view. I think it’s a wonderful opportunity for the records profession but it does require us to change our thinking, adapt to a more structured world, and also to market ourselves better as records professionals.

      Like

Leave a comment