Will privacy law remove our ability to roll up retention periods and force classification and sentencing of every individual record?

In preparation for the introduction of the consumer data right in Australia, I’m reading a lot of overseas privacy news.

I’ve seen many fines associated with the failure to have a destruction plan in place.

I’m wondering if it might bring any of the practices that we have adopted for convenience and simplicity under scrutiny.

Specifically, the practice of sentencing records as a group to the longest period that applies to the grouping.

The practice has been a godsend for many organisations. 

It has made greatly simplified classification schemes achievable.

This has made accurate classification achievable for users with far less skill and training.

In general, this seems to have made records programs more likely to deliver good outcomes.

We’re more likely to get records in a records system, more likely to have them accurately classified, and then more likely to be able to destroy them with confidence.

One outcome of privacy law though, is to essentially flip the requirement from mandatory retention, to mandatory destruction.

Which makes me wonder if the practice will still be acceptable.

One way to avoid failing on records compliance enforcement.

Is to use the compliance system that already exists.

If records policy is defined and agreed to at the organisational level, all we are asking people to do is to perform to organisational policy.

There’s a process for ensuring they do it already in place.

It’s performance management.

Why try and invent our own?

Why not use what’s already there.

Do we really think that staff are more likely to listen to us than their own managers?