Prevent a privacy breach at your business

The following tips can help you to reduce the risk of a privacy breach and be equipped to address one if it occurs.

The Get Cyber Safe Guide for Small Businesses by the Canadian Centre for Cyber Security offers practical advice on how to prevent privacy breaches and protect your business from cyber crime.

1. Create an incident response plan

An incident response plan is essential for any business. Even with strong security practices, cyber attacks can happen. Being prepared with a detailed plan can help you and your employees to act quickly.

Only keep the information you need. How long you keep personal information should be based on your legal requirements and your operational needs.
Track what personal information you have. Create lists showing what you collect, where you store it, who can access it and how people use it.
Get rid of information you no longer need. You cannot breach what you do not have. Securely dispose of personal information that no longer serves your business needs. See our advice on personal information retention and disposal.
Limit access to personal data, especially sensitive information. Give employees access only to information that they need for their work.

Cyber security is a team effort. Make sure that everyone knows how to protect personal information and the consequences of not doing so.

Be clear about your expectations of service providers or third-party contractors. Make sure that contracts outline security requirements and how data should be handled. Ensure that service providers know to alert you right away if there is a breach.

Look for weak spots in your systems and processes. Check both digital and paper records. Test your security regularly to find problems before they lead to data breaches.
Keep IT security up to date. Update software regularly with security patches and keep virus protection current. Remove old software that you do not use. Monitor systems to quickly catch problems. Use strong encryption on laptops, USB drives, and other devices that leave the office.