Personal Information Protection Act - Office of the Information and ...
A Guide for Businesses and Organizations on the Personal Information Protection Act
9 Follow the rules for accuracy, protection and retention of personal information
Bottom line: Take care of records that you create or receive and keep. Ensure they are
accurate, appropriately protected and retained for reasonable purposes.
Accuracy
You must take reasonable steps to make sure that personal information collected, used or
disclosed by your organization is accurate and complete.
This doesn’t mean that you must routinely update all information. Just update it to the extent
reasonable for its use. This rule helps to prevent using inaccurate or wrong information to
make a decision about an individual.
What is reasonable depends on the circumstances. For example, be careful when you get
personal information from someone other than the individual. The information may not be
correct, or you may not have “the whole story.” Also, what is reasonable will depend on
what the information is going to be used for and how that will affect the individual.
Protection
You must use reasonable safeguards (physical, administrative and technical) to protect personal
information from such actions as:
▲ someone getting access to, or collecting, using, copying or disclosing, personal information when he or she is not supposed to;
▲ someone misusing, stealing or losing personal information; or
▲ someone collecting, using, disclosing, copying, changing, destroying or not properly getting rid of, personal information.
Safeguards should be appropriate to the sensitivity of the information.
Examples of physical safeguards include:
▲ locking file cabinets and areas where files are stored when no one is there
▲ allowing only employees who need access to the storage areas or filing cabinets to have access to them
▲ clearing files and records containing personal information off your desk at the end of the day
▲ shredding papers containing personal information rather than placing them in a garbage can or recycling bin (see IPC Investigation Report P2005-IR-001)
Service Alberta and the Office of the Information and Privacy Commissioner