Office of the Saskatchewan Information and Privacy Commissioner. Guide to FOIP, Chapter 6, Protection of Privacy. Updated 27 February 2023. 344 sign off and the level of authorization required (e.g., specific department such as legal or audit). The authorization document may include the following information: • Date of destruction • Name, title, contact information and department of the person submitting the authorization • Description of the information or media being destroyed • Retention schedule reference number • Any relevant serial numbers • Quantity being destroyed • Origination or acquisition year (can be a range) • Retention expiration date • Location of the records • Reason for destruction • Method of destruction • Whether destruction is to be performed in-house • Approved contractor and vendor number, if relevant • Approved destruction method according to the organization’s secure destruction policy An organization may decide to exclude records not subject to the organization’s retention schedule, such as incidental or duplicate records. However, organizations should note that without an internal authorization to destroy, further documentation should be substituted, for instance an internal log of the destruction or internally generated Certificate of Destruction issued on a routine basis (e.g., daily, weekly, etc.) to document the destruction of incidental or duplicate records. If outsourcing the destruction of incidental or duplicate records to a service provider, then the Certificate of Destruction or other transactional record, such as an invoice or service order, may act to provide documentation for audit trailing purposes. (ii) Certificate of Destruction Although it cannot serve as absolute proof that a destruction of records has taken place, a consistent and chronological series of Certificates of Destruction over an extended period may assist in establishing that the organization has adhered to its secure destruction policy. The policy should indicate the required fields in a Certificate of Destruction, whether produced by a secure destruction service provider or generated internally, and may include:
RkJQdWJsaXNoZXIy MTgwMjYzOA==