28.1 In this chapter, the ALRC recommends that the model Unified Privacy Principles (UPPs) should contain a single data security principle that covers both agencies and organisations. The ALRC addresses how agencies and organisations should fulfil their data security obligations during the active life of records that contain personal information. It then examines the obligations of agencies and organisations to destroy or render non-identifiable personal information when it is no longer needed.