Handling Government Data at End of Life
Government agencies at federal, state, and local levels hold vast quantities of data, ranging from publicly available information to highly classified material. The destruction of government data is governed by a rigorous framework of classification systems, security standards, and legislative requirements that go well beyond the general obligations of the Privacy Act. Understanding this framework is essential for government agencies, their contractors, and any organisation that handles government data.
The Australian Government Protective Security Framework
The Protective Security Policy Framework (PSPF), administered by the Attorney-General’s Department, establishes the standards for protecting Australian Government information, people, and assets. The PSPF includes requirements for information security that apply throughout the data lifecycle, including at disposal.
Under the PSPF, government information is classified according to its sensitivity. The current classification system uses four levels: OFFICIAL (for routine government business), OFFICIAL: Sensitive (for information that requires limited dissemination), PROTECTED (for information that could cause damage to national interest, organisations, or individuals), and SECRET and TOP SECRET (for information whose compromise could cause serious or exceptionally grave damage to national interest).
Each classification level carries specific requirements for how data must be handled, stored, transmitted, and destroyed. The requirements become progressively more stringent as the classification level increases.
The Information Security Manual
The Australian Signals Directorate (ASD) maintains the Information Security Manual (ISM), which provides detailed technical guidance on information security for government agencies. The ISM includes specific requirements for media sanitisation and destruction based on the classification level of the data.
For OFFICIAL and OFFICIAL: Sensitive data, the ISM generally permits software-based sanitisation using NIST 800-88 compliant methods, with Clear or Purge level depending on whether the media will be reused within the same security domain.
For PROTECTED data, the ISM requires Purge-level sanitisation for media being reused within the same security domain, and physical destruction for media leaving the security domain or being disposed of entirely.
For SECRET and TOP SECRET data, the ISM requires physical destruction of storage media. The destruction method must render the media completely irrecoverable, with specific particle size requirements for shredding. Physical destruction must be performed by appropriately cleared personnel in an approved facility.
Records Management and Disposal Authorities
Government records cannot be destroyed without proper authority. At the Commonwealth level, the Archives Act 1983 requires that records be disposed of in accordance with disposal authorities issued by the National Archives of Australia (NAA). These authorities specify which records can be destroyed, when they can be destroyed, and which must be transferred to the NAA for permanent preservation.
In Victoria, the Public Records Act 1973 governs the management of public records, with disposal authorities issued by the Public Record Office Victoria (PROV). Victorian government agencies and local councils must obtain a disposal authority or confirm that an existing general authority covers the records in question before any destruction takes place.
Destroying government records without proper authority is an offence under both Commonwealth and state legislation. IT asset disposal teams in government agencies must coordinate with records management staff to ensure that all data on decommissioned equipment has been assessed against applicable disposal authorities.
Security Clearance Requirements
Personnel involved in the destruction of classified government data must hold appropriate security clearances. For PROTECTED data, personnel should hold a minimum Negative Vetting Level 1 (NV1) clearance. For SECRET data, a Negative Vetting Level 2 (NV2) clearance is required. For TOP SECRET data, a Positive Vetting (PV) clearance is required.
These clearance requirements extend to third-party data destruction providers. When outsourcing the destruction of classified data, the provider’s personnel who handle the media must hold the appropriate clearance level. The provider’s facility must also be accredited for handling classified material at the relevant level.
Local Government Considerations
Victorian local councils are subject to both the Public Records Act 1973 and the Freedom of Information Act 1982 (Vic). When councils dispose of IT equipment, they must comply with PROV disposal authorities, check for active FOI requests that might affect the data, and maintain records of the destruction process for audit purposes.
Council IT equipment often contains community data including ratepayer information, planning applications, building permits, health and safety records, and community services data. While this data is generally at the OFFICIAL level, it still requires proper sanitisation using NIST 800-88 compliant methods before disposal.
Contractor and Supplier Obligations
Private sector organisations that hold government data under contract are typically required to comply with the same data destruction standards that apply to the government agency itself. Government contracts commonly include specific clauses about data handling and destruction, referencing the PSPF, the ISM, and applicable classification-specific requirements.
At the end of a government contract, contractors may be required to destroy all government data in their possession or return it to the agency. The destruction must be performed to the standard specified in the contract and documented with certificates that can be provided to the agency.
Defence and National Security
Defence and national security agencies face the most stringent data destruction requirements. Equipment that has stored classified defence information must be destroyed under controlled conditions, often with witnessed destruction and detailed photographic documentation. Some defence contracts require the physical destruction of entire computing devices, not just the storage media, to address the possibility of data remnants in firmware, RAM, and other components.
The Defence Industry Security Program (DISP) provides a framework for defence contractors to manage classified information, including requirements for IT asset disposal.
Government data destruction is defined by classification, authorisation, and accountability. Organisations that understand and follow this framework protect sensitive government information and demonstrate the professionalism that government clients expect. For a broader regulatory overview, see our guide to e-waste laws and regulations in Australia.