Destruction of Personal Information
Destroy personal information when a matter is closed and the retention period has expired
There are varying processes depending on the type of document
Only the CEO, COO or CFO can authorise the IT Department to permanently delete an electronic file
When to Destroy
Personal Information must be destroyed once it is no longer required (i.e., once the matter has closed and the retention period has expired), or if it was not collected lawfully (provided it is not an original document). The information must be destroyed in accordance with the process below.
Destruction Process
The destruction process depends upon the type of document which contains the Personal Information.
If it is an original document:
Original copies of documents should not be destroyed. They should be returned to the relevant person (i.e. the resident or their authorised third representative).
If it is a paper document (not an original):
If the information is contained in a paper document, it should be:
Returned to the resident; or
shredded securely; or
placed in the document destruction bin.
If it is an electronic document:
If the information is contained in an electronic document, that document should be deleted from Columbia Aged Care's systems. If the document was received by email, the email should also be deleted.
Please note you will need to contact the IT Department to arrange for permanent deletion as employees' deleting rights are limited, meaning files are 'still there' and can be restored.
Electronic Devices
When disposing of any electronic device including (but not limited to) computers, mobile devices and printers; secure disposal must be arranged (as data may still be on tapes, drives and drums). All devices should be returned to the IT Department for de-registration and data destruction prior to the disposal of any devices or electronic equipment. The IT Department will keep records of the secure data destruction for each device.
Other Policy Sections For Employees