Wortzman Nickle has been actively working on records management policies and litigation readiness protocols. In our experience, privacy issues and the treatment of personal information are frequently raised as concerns. There are many reasons for a company to appropriately collect and retain an individual’s personal information. However, once the information is collected, certain obligations arise under applicable privacy legislation.
The recent economic recession has resulted in a rise in privacy complaints, largely because companies are more frequently collecting personal information and they are struggling with the manner in which they handle it.
Several provinces are reporting a significant increase in employment related privacy complaints. In particular, it appears that employers are asking for personal information such as SIN numbers and other information to enable them to perform credit checks on prospective employees even prior to an offer of employment is made. In some cases, the employer is not even advising the employee that a credit check will be completed. This collection results in a number of problems: a lack of consent for the collection of the personal information, a failure to advise that a credit check will be performed, the inability of the company to justify why a credit check was required at that stage, and potential problems relating to the retention and disposal of the personal information.
The best way to deal with these issues is with defensible policies and protocols.
Is your business governed by PIPEDA? Is your policy falling short?
The Personal Information Protection Electronic Documents Act (“PIPEDA”) provides that companies must obtain appropriate consents; collect only what personal information they require for their business purposes; safeguard the information appropriately; and, dispose of the information as soon as the purpose for which it was collected is fulfilled.
To ensure your records management program is consistent and doesn’t run afoul of privacy laws, review your program as a whole. Ensure that your retention policy integrates well with your privacy policies and all other litigation readiness protocols. If your policies do not work well together, it’s time for a rewrite.