- Only those which are relevent to purpose
- And only for the length of time for which they are required
- They need to be kept up to date
- Only used for the purpose for which they were gathered.
This implies that the following records management aspects need to be considered and a records retention schedule needs to be created.
A disposal programme needs to implemented and then rigidly followed. It is highly risky under POPIA to keep records and not destroy them when their purpose is finished. This does of course apply to all records, and shouldn’t be limited to Personal Information records.
A key element of disposal is to ensure that duplicates are also destroyed as they are also Personal Information. A process of identifying and removing duplicates should be adopted. Duplicates could be in paper or electronic formats.
FILE PLAN / BUSINESS CLASSIFICATION SCHEME
A structured classification scheme should be developed so that records can be easily identified, stored, retrieved and managed. This should be designed to cater for records on all formats and in all locations. This is essential if records are to be managed correctly in terms of POPIA.