How can my organization comply with PIPEDA 4.5.2?
Are you storing old, data-filled electronics at your business? They could be a ticking time bomb according to PIPEDA 4.5.2. It’s your business’ responsibility to limit use, disclosure and retention of data. Greentec breaks down PIPEDA 4.5.2 and how we can help.
What is use?
Under PIPEDA, organizations may only use personal information for the intended purposes when collected, unless that person gives consent or the disclosure is authorized by the Act. This information, however, can be used as long as necessary to satisfy the intended use. We further broke down personal information as defined by PIPEDA in our January blog.
Data usage can be managed by implementing strict guidelines and procedures for destruction of personal information.
What is disclosure?
Your organization’s policies should clearly state the purpose for which information is collected. It can only be disclosed for this reason. If your organization needs to use personal data beyond its original intended purpose, it may only do so with the individual’s consent to this new request. You must document and disclose the new purpose.
What is retention?
As an organization, it is your obligation to develop guidelines surrounding the minimum and maximum retention periods of personal data. As per PIPEDA 4.5.2, personal information that has been used to make a decision about a person should be retained long enough to allow the same person access to the information after the decision has been made. Information that no longer serves a purpose or legal requirement should be disposed of in such a way that prevents a privacy breach.
It is also important to note that your organization may be subject to data retention legislative requirements.
How can Greentec help?
Before disposing of electronic devices such as computers, photocopiers and cellphones, it is important to ensure that all personal data is securely handled. It is your responsibility to make sure that your data is safe – but don’t worry, Greentec can help!
At Greentec, we can securely wipe or physically destroy private and sensitive data so your organization is protected.
Through our certified data erasure or our certified shred services, Greentec is able to completely destroy all data on hard drives and mobile devices, protecting your organization and the environment. We have the solutions you need to comply with data security and environmental regulation. We also provide you with a certificate of destruction, giving you peace of mind.
Our chain-of-custody service means that we can come directly to your business to securely pick up your items, making it easy for you to recycle. Rest assured that you can rely on Greentec to keep you and your business PIPEDA compliant.