PIPEDA Fair Information Principle 7 – Safeguards
More about Safeguards
Your responsibilities as a business
- Comply with all 10 of the principles of Schedule 1.
- Protect personal information against loss or theft.
- Safeguard the information from unauthorized access, disclosure, copying, use or modification.
- Protect personal information regardless of the format in which it is held.
Note: PIPEDA does not specify particular security safeguards that must be used. Rather, the onus is on organizations to ensure that personal information is adequately protected.
How to fulfill these responsibilities
- Develop and implement a security policy to protect personal information.
- Use appropriate security safeguards to provide necessary protection:
  - physical measures (locked filing cabinets, restricting access to offices, alarm systems)
  - technological tools (passwords, encryption, firewalls)
  - organizational controls (security clearances, limiting access on a "need-to-know" basis, staff training, agreements).
- Regularly review security safeguards to ensure they are up to date and that known vulnerabilities have been addressed.
- Make your employees aware of the importance of maintaining the security and confidentiality of personal information.
- Ensure staff awareness by holding regular staff training on security safeguards.
- The following factors should be considered in selecting appropriate safeguards:
  - sensitivity of the information
  - amount of information
  - extent of distribution
  - format of the information (electronic, paper, etc.)
  - type of storage.
- Review and update your security measures regularly.
- Make sure personal information that has no relevance to the transaction is either removed or blocked out when providing copies of information to others.
- Keep sensitive information files in a secure area or computer system and limit access to individuals on a "need-to-know" basis only.
When Things Go Wrong
A privacy breach occurs when there is unauthorized access to, or disclosure of, personal information. We have developed a number of resources to help organizations take appropriate steps when a breach happens. Please see: