Controlling The Disposal of Information
Disposing of information may seem as straightforward a process as hitting the 'delete' key or finding the nearest waste paper bin. Unfortunately, it may not always be as simple as that. It can prove more difficult than might be imagined to irrevocably remove electronic information to the degree required by the law. It is also a process which should now be as controlled and auditable as every other aspect of information management in order to protect the interests of the institution.
When Has Deleted Information Really Gone?
According to guidance from the Information Commissioner accompanying the FOI Act,
It is therefore important that your deletion procedures are comprehensive enough to ensure that information you rightfully and lawfully wish to remove from your possession has actually been purged to the satisfaction of the above criteria.
It is possible to draw analogous conclusions for paper records - highlighting the importance of regular emptying of waste bins (particularly recycling bins) and the wisdom of providing confidential waste facilities and/or shredders where required.
An Auditable Process
To ensure appropriate levels of transparency and accountability, it is considered good practice to document the disposal process and its outcomes: for example, to record what information has been destroyed, by what criteria it has been assessed as requiring destruction and on whose authority this has been carried out, and to confirm the outcomes of the process.
Clearly any measures introduced in this regard should be proportionate and will require an analysis of risk. Obviously there is no need for the deletion of every email to be documented to this degree, but it may be wise to introduce a general policy statement which defines the types of emails which users can routinely destroy (spam, ephemera, etc.) and those which should be subject to formal retention and appraisal procedures based on the significance of their content.






