Recordkeeping requirements for processing GIPA requests

To ensure records relating to the processing of GIPA applications (formal requests), informal requests and reviews are created and discoverable, your organisation needs to:

• Assess what records to create and what information the records should include (particularly in relation to requests that could escalate or relate to high risk areas of business)
• Establish systems, processes and business rules for creating and capturing records for GIPA activities, including how to document verbal communications (i.e. phone calls, discussions about requests, and meetings)
• Create records to document GIPA activities
• Capture records into approved systems using agreed titles, structures, taxonomies, metadata and records classification schemes
• Keep a record of systems and locations used to store the records

For more information refer to the Standard on records management. The standard is designed to help your organisation meet its recordkeeping obligations under the State Records Act 1998.

It is important to recognise that under the GIPA Act the principal officer of the agency is ultimately accountable for GIPA Act compliance. Within cluster arrangements there may be a number of individual principal officers.