Safeguarding personal information
Businesses have an obligation to ensure that it is adequately protected, which can help reduce risk of privacy breaches. This means protecting it against loss or theft, as well as unauthorized access, disclosure, copying, use or modification, and it means protecting the information regardless of its format—whether, for example, it is in electronic or paper form. Using appropriate safeguards is one of the ten principles within Personal Information Protection and Electronic Documents Act (PIPEDA) and is explained in more detail in our Privacy Toolkit for Businesses.
PIPEDA doesn’t specify particular security safeguards that must be used. Rather, the onus is on businesses to determine the appropriate tools for ensuring that personal information is adequately protected—be it physical measures, technological tools, and/or organizational controls.
This page offers information, tools and guidance for businesses on how to fulfil their responsibilities to ensure personal information is safeguarded and secure.
Interpretation of court decisions and findings related to 'Safeguards' and PIPEDA. Interpretations give guidance and are not legally binding.
Get advice on how to prevent and address employee snooping.
Risks, tips for employees, guide for customers
Find guidance for organizations developing and implementing retention and disposal practices for personal information.
Find information for SMEs about privacy responsibilities and considerations in relation to cloud computing.
Informed consent, data protections
Report a problem or mistake on this page
- Date modified: