Victoria Police must ensure that records containing law enforcement data are protected from loss, destruction and falsification, in accordance with statutory, contractual and business requirements.
Statement of Objective
This Standard aims to ensure the security of organisational records containing law enforcement data in accordance with statutory, legal and business requirements, so that they are adequately protected from loss, falsification or destruction.
Some records need to be securely retained to meet statutory, regulatory or contractual requirements, as well as to support essential business activities. Examples include records that may be required as evidence that an organisation operates within statutory or regulatory rules, to ensure adequate defence against potential civil or criminal action, or to confirm the financial status of an organisation with respect to shareholders, external parties and auditors. The time period and data content for information retention may be set by national law or regulation.
Victoria Police should consider the categorisation of records by record type with details of retention periods and type of storage media, Examples of the former are, accounting records, database records, transaction logs, audit logs, and operational procedures. Examples of the latter are paper, microfiche, magnetic, optical. Any related cryptographic keying material and programs associated with encrypted archives or digital signatures (see Chapter 8, Cryptographic Controls), should also be stored to enable decryption of the records for the length of time the records are retained.
Data storage systems should be chosen so that required data can be retrieved in an acceptable timeframe and format, depending on the requirements to be fulfilled.
The system of storage and handling should ensure clear identification of records and of their retention period as defined by national or regional legislation or regulations, if applicable. This system should permit appropriate destruction of records after that period if they are not needed by the organisation.
Act 1958 sets legislative requirements for the preservation, reproduction and admissibility of documentary evidence in judicial proceedings. In storing records of a potential evidentiary nature, consideration should be given to the relevant provisions of the act, in particular, Part III—Proof of Documents, Proof of Facts by Documents and Document Unavailability.
Further information regarding managing organisational records is provided in:
Public Records Act 1973
Evidence Act 1958
ISO 15489–1:2001 Information and Documentation – Records Management – Part 1