Personal Information Protection and Electronic Documents Act
Are you in compliance?
The Personal Information Protection and Electronic Documents Act (PIPEDA) is a law that protects personal information in the hands of private sector organizations and provides guidelines for the collection, use and disclosure of that information in the course of commercial activity. The Act is based on ten privacy principles developed by the Canadian Standards Association, and is overseen by the Privacy Commissioner of Canada and the Federal Court.
This Act applies to all business and organizations in Canada. It sets the ground rules for the collection, use and disclosure of personal information in the course of commercial activities.
In terms of the retention and safeguarding of personal information PIPEDA states:
"Personal information that is no longer required to fulfill the identified purposes should be destroyed, erased or made anonymous. Organizations shall develop guidelines and implement procedures to govern the destruction of personal information." Principle 4.5.3
"Care shall be used in the disposal or destruction of personal information, to prevent unauthorized parties from gaining access to the information." Principle 4.7.5