One of the issues arising out of the Optus and Medibank Private cyber attacks was surprise at how much historical information about former customers the companies had retained. My updated record retention checklist emphasises that a record retention policy must also include a record destruction policy.
Corresponding to the obligation to retain certain information is the obligation to keep personal information private and to delete inaccurate information or de-identify that information if it is no longer required to be retained.
Here is an updated summary of financial service providers’ document retention obligations.
Author: David Jacobson
Principal, Bright Corporate Law
The information contained in this article is not legal advice. It is not to be relied upon as a full statement of the law. You should seek professional advice for your specific needs and circumstances before acting or relying on any of the content.