If the purpose for the confidentiality agreement no longer exists, the disclosing party will require the receiving party to return all confidential information or certify that it has been destroyed, within a defined time period. Privacy legislation may also require that parties to a proposed transaction refrain from disclosing personal information unless they have entered into an agreement that binds the parties to protect that information by security safeguards appropriate to the sensitivity of the information; and if the transaction does not proceed, to return that information to the organization that disclosed it, or destroy it, within a reasonable time.