Add new comment

RobinBris - This is why it is important to read SOURCE documents instead of summaries. This is a cut-and-paste extract of PRINCIPLE 11 of the APP in particular paragraph 11.3.

11.3 An APP entity must take reasonable steps to destroy or de-identify the personal information it holds once the personal information is no longer needed for any purpose for which the personal information may be used or disclosed under the APPs. This requirement does not apply where the personal information is contained in a Commonwealth record or where the entity is required by law or a court/tribunal order to retain the personal information (APP 11.2).

The destruction or de-identifying is only required where the information is no longer needed for the purpose for which it was intended to be used or disclosed. Information such as fact finder and risk profile information was collected to assist in producing advice, and also to demonstrate compliance with "best interests duty" - see sec 961B(2)).

If the operations of the Corporations Act 2001 mandated compulsory dispute resolution scheme (AFCA) now requires a adviser to elicit evidence of their advice process from 11 years ago it becomes completely legitimate and not a breach of the Principle to retain such information. If you think I am wrong just give ASIC or AFCA a call on this point - and even OAIC.

Again, it is important to rely on source documents and not summaries. Summaries, even good ones, may not be able provide full context to every circumstance that can arise.