What should APP Entities include in a data destruction policy?

The Australian Privacy Principles (APPs) contained at Schedule 1 of the Privacy Act 1988 (Cth) (Act) requires APP Entities to destroy or deidentify personal or sensitive information (Protected Information) as soon as reasonably practicable.[1]  Having a data destruction policy (DDP) in place means that everyone in the company knows what information is Protected Information, and […]

Source