it:ad:document retention
Summary
You always hear about '7 years'. But it's more nuanced than that.
First, you should never delete records, only change their state (see IT:AD:CRUS versus CRUD).
Once you've understood why you don't delete records, and instead reassociate records to an Anonymous User if there is a reason to remove Personal Information, we can get to determining when to do it by default.
In NZ, the retention period depends on the type of record, rather than on a single overarching rule. The most common retention period is seven years for tax and business records, while personal information must not be kept for longer than is necessary for its lawful purpose (see above for association to Anonymous User, which is the same outcome).
- 7 years for Business and Tax records due to the Tax Administration Act 1994
- 6 years for Employment Records (after the employee has left) due to the Employment Relations Act 2000 (and Holidays Act 2003)
- 7 years for the Company Records (minutes of meetings, resolutions, copies of communications to shareholders) due to the Companies Act 1993
- Permanent for Company Shares due to the Companies Act 1993
- Health Information
- Education Information
- Lawful Purpose: Under the Privacy Act 2020, agencies (organisations/businesses) must not retain personal information for longer than they have a lawful purpose for using it. This necessitates having a clear data retention policy.
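The "state change, not delete" rule and the reassociation to an Anonymous User described above, as an added sketch that is not part of the original page. The schema, the `ANONYMOUS_USER_ID` sentinel, the `closed_on` column as the start of the retention clock, and the sample rows are all assumptions made for illustration; the retention periods are the ones listed above.

```python
import sqlite3
from datetime import date

ANONYMOUS_USER_ID = 0  # assumed sentinel user that holds no personal information

# Retention in years per record type, taken from the list above; None = permanent.
RETENTION_YEARS = {"tax": 7, "employment": 6, "company": 7, "shares": None}

def years_before(day, years):
    """Same calendar day `years` earlier (29 Feb falls back to 28 Feb)."""
    try:
        return day.replace(year=day.year - years)
    except ValueError:
        return day.replace(year=day.year - years, day=28)

def build_sample_db():
    """Constructed sample data: two users plus the Anonymous User."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
        CREATE TABLE records (
            id INTEGER PRIMARY KEY,
            owner_id INTEGER NOT NULL REFERENCES users(id),
            kind TEXT NOT NULL,
            state TEXT NOT NULL DEFAULT 'ACTIVE',
            closed_on TEXT NOT NULL          -- ISO date the retention clock starts
        );
        INSERT INTO users VALUES (0, 'Anonymous User'), (1, 'Alice'), (2, 'Bob');
        INSERT INTO records (id, owner_id, kind, closed_on) VALUES
            (1, 1, 'tax',        '2015-03-31'),
            (2, 1, 'tax',        '2022-03-31'),
            (3, 2, 'employment', '2017-06-30'),
            (4, 2, 'shares',     '2001-01-01');
    """)
    return conn

def apply_retention(conn, today):
    """Reassociate expired records to the Anonymous User; never DELETE a row."""
    changed = 0
    for kind, years in RETENTION_YEARS.items():
        if years is None:
            continue  # permanent records are never anonymised by default
        cutoff = years_before(today, years).isoformat()
        cur = conn.execute(
            "UPDATE records SET owner_id = ?, state = 'ANONYMISED' "
            "WHERE kind = ? AND closed_on <= ? AND state = 'ACTIVE'",
            (ANONYMOUS_USER_ID, kind, cutoff))
        changed += cur.rowcount
    conn.commit()
    return changed
```

Running `apply_retention` a second time changes nothing, because rows already in the `ANONYMISED` state are skipped, and the row count of `records` never drops.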