Every business or organization that collects and use personal information is affected by privacy laws which came into force on January 1, 2004. Under the Federal Personal Information Protection and Electronic Documents Act (PIPEDA) and the British Columbia Personal Information Protection Act (PIPA), organizations are legally required to follow rules with respect to the collection, use and disclosure of personal information. They must also develop guidelines on how personal information is to be safeguarded and destroyed.
Section 4.5.3 of the Personal Information Protection and Electronic Documents Act (PIPEDA) states that “Personal information that is no longer required to fulfill the identified purpose should be destroyed, erased, or made anonymous. Organizations shall develop guidelines and implement procedures to govern the destruction of personal information”.
Similarly, Section 35(2) of B.C.’s Personal Information Protection Act (PIPA) states that “An organization must destroy its documents containing personal information, or remove the means by which the personal information can be associated with particular individuals, as soon as it is reasonable to assume that (a) the purpose for which that personal information was collected is no longer being served by retention of that personal information, and (b) retention is no longer necessary for legal or business purposes.”
What this means is that there is now a requirement under the law for businesses and organizations to be as careful in the disposal and destruction of personal information as they are in collecting and maintaining them.