Collecting and Protecting Personal Information of Metal Recyclers
Under the Personal Information Protection Act (PIPA), metal dealers and recyclers must protect personal information collected from sellers.
Metal dealers and recyclers must inform sellers of regulated metal that their personal information is being collected under the Metal Dealers and Recyclers Act and explain how it will be used. Dealers and recyclers may also want to explain how customer codes protect the seller’s identity in reports to police. It is important that dealers and recyclers not collect more information than is allowed under the Metal Dealers and Recyclers Act.
Metal dealers and recyclers must ensure that a seller’s personal information is correctly and completely recorded. The Metal Dealers and Recyclers Act does not permit scanning or photocopying a seller’s Driver’s Licence, B.C. Identification Card or BC Services Card.
Metal dealers and recyclers must ensure their use of a seller’s personal information complies with the Metal Dealers and Recyclers Act. For example, dealers and recyclers cannot:
- Disclose a seller’s personal information to police without a warrant
- Use a seller’s personal information for marketing purposes
- Exchange the information with another party
Metal dealers and recyclers must protect a seller’s personal information with:
- A password if it is stored electronically
- A lock if it is stored on paper
- Another type of security arrangements that protects against the unauthorized use or disclosure of the information
Under the Metal Dealers and Recyclers Act, dealers and recyclers must retain the personal information of sellers of regulated metal for at least one year. Once this requirement has been met, dealers and recyclers may wish to destroy the information.
Office of the Information and Privacy Commissioner of British Columbia
Securing Personal Information: A Self-Assessment Tool for Organizations by the Office of the Information and Privacy Commissioner of British Columbia is an online tool that helps businesses see how well they protect personal information.
Office of the Chief Information Officer
The Office of the Chief Information Officer (OCIO) can answer questions and provide information about a business’s responsibilities under Personal Information Protection Act. The OCIO can be contacted at: