This exercise has since been conducted in other cities around the world. A study in Australia in 2013 found 11% of commercial
trash bins in Sydney contained confidential personal information. A 2011 study in Madrid, Spain, sparked a national dialogue
on that country’s poor performance with safe destruction.
On the electronic side, in February 2014, NAID-ANZ (Australia-New Zealand) released the results of a study in which hard
drives were randomly purchased. That study found approximately 30% of the drives contained highly confidential personal
information. Some of the recycled devices had originated from public organizations, including a Government medical
facility. Moreover, the procedure used to determine if any personal information remained on these hard drives was very
basic. The information found included spreadsheets of clients’ and account holders’ personal information, confidential client
correspondence, billing information and personal medical information.
Building on the above, in March 2017 our sister association in the U.S. released the results of the largest study to date looking
at the presence of personally identifiable information on electronic devices sold on the second-hand market. The study found
that 40% of devices resold through publicly available channels contained personal information.
To ensure credibility, the study was conducted by a third-party forensics lab. Alarmingly, however, the investigation used only
basic recovery methods, not sophisticated forensic examination – meaning the information obtained would be accessible
to just about anyone. Among the information recovered was credit card information, contact information, usernames and
passwords, company and personal data, and tax details. The devices examined included mobile phones, tablets and hard
There is really no excuse for such reckless practices. Such incidents could be prevented if greater attention were paid to secure
information destruction. This not only protects personal privacy, but it is an immediate first step in the fight against identity
theft. Destruction neutralizes the value of the material by making it impossible to read or access.
NAID-Canada contends that such cases partly result from a lack of clear direction on what exactly destruction means or
requires. Recycling, for example, is not destruction. Documents may remain intact, vulnerable to a privacy breach, for
extended periods before being recycled. Likewise, throwing records in the garbage should not be considered destruction,
even though some would contend that once the documents get into a landfill they are “destroyed.” Even some types of
shredding are not entirely safe, as sophisticated criminal elements will invest the time to put this information back together if
it is shredded poorly.
On the electronic side, reuse and recycling programs often overlook destruction entirely. In addition, electronic information
destruction is highly complex and information may remain on devices even if users think they have wiped their drives.
NAID-Canada is pleased that the privacy legislation for the health care sector in Manitoba, the Personal Health Information
Act (PHIA), includes a requirement that organizations have a written policy on the retention and destruction of personal
health information. That is a critical and often overlooked first step in privacy protection.
We do not read a similar requirement in FIPPA or its regulations. Therefore, our first recommendation is to include a
destruction requirement as in Section 17(1) of PHIA.
Recommendation #1: FIPPA should be amended to include a destruction requirement, as in Section 17(1) of PHIA.
Second, the PHIA consultation paper notes that in that legislation, “[T]here are no regulatory provisions stating the way
trustees may destroy personal health information.” From NAID’s experience in Canada and around the world, this is where
problems arise. Therefore, for both PHIA and FIPPA we recommend including a definition of destruction in the legislation.
NAID-Canada defines destruction as “the physical obliteration of records in order to render them useless or ineffective
and to ensure reconstruction of the information (or parts thereof) is not practical.” This definition can apply to paper and
We believe clearly defining destruction is imperative for more than just human rights reasons. It is also a practical necessity.
Violating the rights of others by casually discarding their personal information provides much of the feedstock for what has
become a global epidemic of identity theft and fraud.
For example, a U.S. study found that the vast majority of identity theft results from low-tech access to personal information,
such as dumpster diving or binning. Indeed, law enforcement officials in the U.S. have exposed elaborate rings of organized