11. > LEGAL CONSIDERATIONS

Any IT solution must comply with relevant legislation. The Public Records Act 2005 states that public offices and local authorities must create and maintain full and accurate records, and make sure that they are maintained in accessible form for as long as they are required. It also states that no public records or local authority protected records (see Guide G5: Glossary for definitions) can be disposed of (including alteration or destruction) without the permission of the Chief Archivist.

An IT solution must support effective creation and capture of records, and procedures need to be in place to support ongoing maintenance of the information held in the system. Ideally, public offices and local authorities should develop an approved retention and disposal schedule for records to be held in the new system at the point of design and before the system goes live. The schedule should cover both electronic and paper records.

The Privacy Act 1993 has 12 Information Privacy Principles for protecting personal privacy. If personally identifiable information is to be held in the IT system, organisations may wish to consider a Privacy Impact Assessment at the point at which the system is being designed to ensure that the Information Privacy Principles are being met. Note, however, that privacy considerations alone do not provide a legal justification for destroying records. The permission of the Chief Archivist is still required.

Under the Official Information Act 1982 official information must be made available upon request unless there is a good reason for withholding it. At a minimum, IT solutions should ensure that official information is able to be found and accessed. Ideally, they will improve access and retrieval of this information.

When considering the legal admissibility of their records, public offices and local authorities should refer to the Electronic Transactions Act 2002. This Act addresses the legal implications and requirements for the use of electronic information and media. It also includes requirements for digitisation of analogue records for integration into IT solutions.

In addition to these Acts, an organisation needs to examine the Acts and Regulations specific to its administrative function and responsibilities to ensure that all recordkeeping and information requirements will be met.