Establish safeguards

Establish safeguards

Before you launch your initiative, make sure you have a plan to limit access and protect personal information through physical, technical and administrative safeguards.

You should be reviewing and updating your safeguards any time there are physical, technical or administrative changes to your initiative. This could involve new ways of handling personal information, including the use of a new system or platform, or staff turnover.

Physical safeguards

Physical safeguards are ways to protect your institution’s physical assets, and include:

  • ensuring employees only have access to the floors or rooms where they have security clearance
  • registering visitors at the front desk
  • locking your screen when you leave your desk
  • appropriately storing physical documents or records, according to their classification

Technical safeguards

Technical safeguards are ways to protect electronic data, and include:

  • limiting access to systems or software that host personal information as well as establishing role-based access within a system or software
  • keeping a log of all the instances where personal information has been accessed, modified, or deleted
  • regularly reviewing who has access to personal information and whether that access is still needed
  • a means for your initiative to use de-identified or anonymized information to decrease risks involved in sharing personal information

Your institution’s IT Security team can help you to establish various technical safeguards to protect your personal information.

Administrative safeguards

Administrative safeguards are policies, procedures and practices that protect privacy. Examples include:

Providing regular and up-to-date training is important so that all employees, third parties and contractors understand their roles and responsibilities in protecting personal information and preventing privacy breaches.

Privacy tip: It’s especially important to include safeguards in any contract or ISA when you’re working with third parties.

Privacy Training essentials courses:

Page details

Date modified: