On this page
Introduction
Storing key documents before an emergency is crucial. Lost documents during a disaster can hinder an organisation’s response, disrupt operations, and impede recovery.
Safe document storage prevents the worst-case scenario: document destruction leading to breaches of ACNC requirements or other legal record-keeping requirements (such as the requirement to keep tax records). This can jeopardise charity status or result in other legal penalties.
Your organisation should have a robust document management policy, which can be integrated into your business continuity plan.
Storage checklist
Use our checklist to help your organisation manage the storage of documents and records in preparation for disasters.
Note
- Always choose secure storage options with strong passwords or encryption.
- Store copies outside your regular operating area to protect them from physical disasters.
- Choose storage methods that allow easy access during emergencies, even without internet connectivity.
For more information and guidance, see:
- Justice Connect Disaster Legal Support Resource Hub – get e-prepared – This links to a self-help tool where a person can create a checklist of important documents and learn how to store electronic copies of the documents in case they need them in an emergency.
- The Digital Transformation Hub has published a guide on ‘Effective file storage and management practices for your not-for-profit’. This guide provides best-practice tips to optimise file management.
- Documents, records and requests for access – our webpage covers the requirements of an organisation to keep certain documents and records which may be set out in the organisation's rules, policies or resolutions, funding agreements and other contracts, or legislation.
Legal obligations – personal information
Organisations have obligations relating to how they store and use information, including personal information and information that they receive while carrying on their operations.
In a disaster, there are limited exceptions that allow organisations to collect, use or disclose personal information. It's important to understand how these exceptions apply when working in emergency situations.
An organisation may use, collect and disclose personal information about individuals caught up in an emergency or disaster if the Prime Minister or Minister responsible for administering the Privacy Act has declared an emergency or disaster (as required under the Privacy Act) and:
- the organisation reasonably believes that the individual may be involved in the emergency or disaster
- the collection, use or disclosure is for a permitted purpose in relation to the emergency or disaster (a permitted purpose is one that directly relates to the Commonwealth’s response to the declared emergency or disaster), and
- the disclosure of the personal information is to certain limited individuals and entities (the disclosure must not be to a media organisation)
Case study – handling personal information in a declared emergency
A major bushfire devastates a remote community in Australia and the Prime Minister declares a national emergency. NSW Assist, a not-for-profit organisation, establishes a relief centre to provide essential services, including food, shelter, and medical assistance, to the affected population.
A volunteer at NSW Assist collects personal information from survivors, including names, addresses, contact details, and medical information. This information is used to provide essential services and support to the affected individuals.
NSW Assist may use the personal information in this way during a declared emergency because it reasonably believes that individuals seeking assistance at the relief centre are involved in the emergency or disaster and such use is directly related to the Commonwealth's response to the bushfire emergency. NSW Assist may only disclose this personal information to government agencies responsible for disaster relief and recovery efforts and other authorised entities involved in the disaster response.
For more information, see:
- our resources on privacy laws
- the Office of the Australian Information Commissioner’s webpage ‘Privacy for not-for-profits, including charities’
- the Office of the Australian Information Commissioner’s webpage ‘Emergencies and disasters’
Disclaimer: These resources provide general information about legal issues that may arise for not-for-profit organisations in managing disasters. This information is a guide only and is not legal advice. If you or your organisation has a specific legal issue, you should seek legal advice before deciding what to do. See full disclaimer and copyright notice.
The content on this webpage was last updated in December 2024.