Safeguarding personal information
Businesses have an obligation to ensure that it is adequately protected, which can help reduce risk of privacy breaches. This means protecting it against loss or theft, as well as unauthorized access, disclosure, copying, use or modification, and it means protecting the information regardless of its format—whether, for example, it is in electronic or paper form. Using appropriate safeguards is one of the ten principles within Personal Information Protection and Electronic Documents Act (PIPEDA) and is explained in more detail in our Privacy Toolkit for Businesses.
PIPEDA doesn’t specify particular security safeguards that must be used. Rather, the onus is on businesses to determine the appropriate tools for ensuring that personal information is adequately protected—be it physical measures, technological tools, and/or organizational controls.
This page offers information, tools and guidance for businesses on how to fulfil their responsibilities to ensure personal information is safeguarded and secure.
Interpretation of court decisions and findings related to 'Safeguards' and PIPEDA. Interpretations give guidance and are not legally binding.
Get advice on how to prevent and address employee snooping.
Read tips for businesses on mitigating risks of password reuse by customers and employees.
Find guidance for organizations developing and implementing retention and disposal practices for personal information.
Learn how to reduce the risks associated with transmitting personal information by fax.
Find information for businesses on transferring personal information to third parties, including those operating outside of Canada.
Find information for SMEs about privacy responsibilities and considerations in relation to cloud computing.
Find information related to outsourcing in accordance with PIPEDA.
Report a problem or mistake on this page
- Date modified: