Office of the Saskatchewan Information and Privacy Commissioner. Guide to FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 342 (ii) After the destruction Following degaussing or sanitization, access to electronic media must be restricted and further distribution delayed until an internal audit of a percentage random sampling of the media demonstrates that the degaussing or sanitization process was effective. Destroyed materials such as paper particles, after destruction, should be restricted from public access and eventually recycled to minimize heroic attempts at reconstruction. C. Determine Best Methods of Destruction The goal of record destruction is to have records containing any personal information permanently destroyed or erased in an irreversible manner that ensures that the record cannot be reconstructed in any way. It is incumbent upon organizations to determine the destruction method that credibly implements their secure destruction policy requirements. Organizations must determine which destruction method is best suited to the classification of the record, taking into consideration cost and convenience as well as the sensitivity of the record. This determination will constitute the “approved methods of destruction” and should be detailed in the organization’s secure destruction policy. (i) Paper records Methods of destroying paper include mechanical destruction (such as crosscut shredding, pulping, and pulverizing), and incineration. When mechanically destroying paper, material residue should be reduced to pieces millimeters in dimension. These pieces may be part of the organization’s normal recycling program. When incinerated, material residue should be reduced to white ash and be contained so that partially burned pieces do not escape. (ii) Electronic media The method of destruction for electronic media includes mechanical destruction to render it unusable, degaussing, and sanitization (including secure erase), and should involve removing all labels or markings that indicate previous use. Simply deleting computer files or reformatting a disk does not securely destroy the data because even deleted files may be subject to data recovery efforts. For all personal hand-held computing or processing devices (such as PDAs and mobile phones) storing sensitive contact information, calendars, documents, email
RkJQdWJsaXNoZXIy MTgwMjYzOA==