What laws effect record retention and shredding?

There are a number of laws in both Canada, Alberta and even the United States that effect companies in the Edmonton area. We will briefly touch on these below.

It is behond the scope of this discussion to go into the details of any of theses, and you may require legal assistance to determine the exact impact any of these laws may have on you or your organization.

Personal Information Protection and Electronic Documents Act (PIPEDA)

PIPEDA is a federal law that addresses the collection, storage and use of personal information by organizations in the private sector. Its provisions apply to information collected, used or disclosed by federally regulated agencies, such as telecommunications companies, ISPs, broadcasters, airlines and banks.

Under the law's guidelines, personal information can be collected about you only as long as it is:

Gathered with the knowledge and consent of the consumer

Collected for a reasonable purpose

Used only for the reasons for which it was gathered

Accurate and up to date

Open for inspection and correction by the consumer

Stored securely

Must be securly disposed of once it is no longer needed

If the Court rules that an organization has contravened the law, it must correct its practices. The Court can also award damages to the complainant, if warranted.

Alberta's Personal Information Protection Act (PIPA)

The Personal Information Protection Act (PIPA) is in force as of January 2004.

Some examples of the organizations to which PIPA is applies to include:

non-profit organizations

trade unions

private schools

partnerships

corporations

unincorporated associations

professional regulatory associations

any individual acting in a commercial capacity

any individual acting on behalf of a corporation, association, union or partnership

Alberta's Health Information Act(HIA)

The HIA provides individuals with the right to request access to health records in the custody or under the control of custodians, while providing custodians with a framework within which they must conduct the collection, use and disclosure of health information. Custodians are defined in section 1(1)(f) of the HIA and include:

The Minister and Department of Alberta Health and Wellness

Any health service provider paid in part or in whole by the Alberta Health Care Insurance Plan

Pharmacies and pharmacists regardless of how they are paid

Regional Health Authorities and provincial health boards (Alberta Cancer Board and Alberta Mental Health Board)

Nursing home operators

In addition to regulating information access, collection, use and disclosure practices of custodians, the HIA also covers the actions of affiliates. Affiliates include employees, volunteers, contractors and agencies under contract to the custodian. Some examples of affiliates can include reception and nursing staff at a doctors’ office, pharmacy technicians or information desk and food service workers in a hospital. Ultimately, custodians are responsible for the information collected, used and disclosed by their affiliates.

Alberta's Freedom of Information and Protection of Privacy Act (FOIP)

FOIP applies to every public sector organization in Alberta, and includes the following:

Government of Alberta

School jurisdictions

Municipalities

Public libraries

Metis settlements

Post-secondary institutions

Irrigation districts

Health care bodies

Drainage districts

Police services

Housing management bodies

Police commissions

Sarbanes-Oxley Act (SOX)

Although SOX is a law enacted by the United States, it does effect Canadian subsidaries of U.S. publically listed companies.

If this situation applies to you, we suggest that you contact your legal or compliance office, as there are specific requirements for both retention and destruction that need to be followed.

• Us vs. Mini-Storage
• FAQ
• It's the law
• Is being local important?