PIPEDA Fair Information Principle 7 – Safeguards

Your responsibilities as a business

  • Comply with all 10 of the principles of Schedule 1.
  • Protect personal information against loss or theft.
  • Safeguard the information from unauthorized access, disclosure, copying, use or modification.
  • Protect personal information regardless of the format in which it is held.

Note: PIPEDA does not specify particular security safeguards that must be used. Rather, the onus is on organizations to ensure that personal information is adequately protected.

How to fulfill these responsibilities

  • Develop and implement a security policy to protect personal information.
  • Use appropriate security safeguards to provide necessary protection:
    • physical measures (locked filing cabinets, restricting access to offices, alarm systems)
    • technological tools (passwords, encryption, firewalls)
    • organizational controls (security clearances, limiting access on a "need-to-know" basis, staff training, agreements).
  • Regularly review security safeguards to ensure they are up to date and that known vulnerabilities have been addressed.
  • Make your employees aware of the importance of maintaining the security and confidentiality of personal information.
  • Ensure staff awareness by holding regular staff training on security safeguards.
  • The following factors should be considered in selecting appropriate safeguards:
    • sensitivity of the information
    • amount of information
    • extent of distribution
    • format of the information (electronic, paper, etc.)
    • type of storage.
  • Review and update your security measures regularly.

Tips

  • Make sure personal information that has no relevance to the transaction is either removed or blocked out when providing copies of information to others.
  • Keep sensitive information files in a secure area or computer system and limit access to individuals on a "need-to-know" basis only.

When Things Go Wrong

A privacy breach occurs when there is unauthorized access to, or disclosure of, personal information. We have developed a number of resources to help organizations take appropriate steps when a breach happens. Please see:

Tips for containing and reducing the risks of a privacy breach

 
