Safeguarding personal information

Businesses have an obligation to ensure that it is adequately protected, which can help reduce risk of privacy breaches. This means protecting it against loss or theft, as well as unauthorized access, disclosure, copying, use or modification, and it means protecting the information regardless of its format—whether, for example, it is in electronic or paper form. Using appropriate safeguards is one of the ten principles within Personal Information Protection and Electronic Documents Act (PIPEDA) and is explained in more detail in our Privacy Toolkit for Businesses.

PIPEDA doesn’t specify particular security safeguards that must be used. Rather, the onus is on businesses to determine the appropriate tools for ensuring that personal information is adequately protected—be it physical measures, technological tools, and/or organizational controls.

This page offers information, tools and guidance for businesses on how to fulfil their responsibilities to ensure personal information is safeguarded and secure.

Securing Personal Information: A Self-Assessment Tool for Organizations

Try a tool designed to help organizations evaluate how well they are protecting and safeguarding personal information.

Safeguards

Interpretation of court decisions and findings related to 'Safeguards' and PIPEDA. Interpretations give guidance and are not legally binding.

Ten Tips for Addressing Employee Snooping

Get advice on how to prevent and address employee snooping.

Tips for mitigating password reuse risk

Read tips for businesses on mitigating risks of password reuse by customers and employees.

Personal Information Retention and Disposal: Principles and Best Practices

Find guidance for organizations developing and implementing retention and disposal practices for personal information.

Faxing personal information

Learn how to reduce the risks associated with transmitting personal information by fax.

Guidelines for Processing Personal Data Across Borders

Find information for businesses on transferring personal information to third parties, including those operating outside of Canada.

Cloud Computing for Small and Medium-sized Enterprises

Find information for SMEs about privacy responsibilities and considerations in relation to cloud computing.

Privacy and Outsourcing for Businesses

Find information related to outsourcing in accordance with PIPEDA.

Date modified: