(1) An intelligent access auditor must take all reasonable steps to destroy intelligent access information held by the auditor that is no longer needed for an intelligent access audit conducted by the auditor.
Maximum penalty—$6000.
(2) An intelligent access auditor is taken to have complied with subsection (1) for intelligent access information if the auditor permanently removes anything by which an individual can be identified from the information.