Complexity in data compliance
- 30 April, 2008 11:14
The time periods vary according to the sphere of law and the jurisdiction. For instance, in respect of litigation involving contractual disputes or the enforcement of contracts in New South Wales, the limitation period can be as much as 12 years where the action is founded on a deed (s16 Limitation Act 1969). For this reason alone, data should be retained for at least 12 years or even longer.
Another area of relevant law is the law prohibiting document destruction. The landmark case in Australia regarding the systematic destruction of a large number of records is the case of British American Tobacco v McCabe. In that case, the Court analysed the destruction of evidence relevant to the litigation. That case raised the bar as to the requirements of organisations to retain documents in 'anticipation of litigation'.
A third area of relevant law is the record maintenance and security obligations imposed on organisations pursuant to the Privacy Act. That legislation requires the securing of per-sonal data and accordingly, any storage system ultimately utilised must possess certain security features as required by the legislation.
Other laws which require the retention of data broadly include laws related to evidence, electronic transactions, tax, trade practices, corporations, anti-money laundering and counter-terrorism, all of which impose different time limits and different obligations on organisations. Further, foreign legislation such as The Patriot Act (US) and the Sarbanes-Oxley Act (US) impose various obligations on multinational organisations which must also be accounted for.
Disclaimer: This article is for general informational purposes only. It is not legal advice nor is it a substitute for legal advice. Alan Arnott is a technology and telecommunications lawyer with qualifications in computer science and law with Arnotts Lawyers in Sydney. He can be contacted by telephone on 02 9419 6355 or by email to [email protected].