Language selection

Safeguarding personal information

Businesses have an obligation to ensure that it is adequately protected, which can help reduce risk of privacy breaches. This means protecting it against loss or theft, as well as unauthorized access, disclosure, copying, use or modification, and it means protecting the information regardless of its format—whether, for example, it is in electronic or paper form. Using appropriate safeguards is one of the ten principles within Personal Information Protection and Electronic Documents Act (PIPEDA) and is explained in more detail in our Privacy Toolkit for Businesses.

PIPEDA doesn’t specify particular security safeguards that must be used. Rather, the onus is on businesses to determine the appropriate tools for ensuring that personal information is adequately protected—be it physical measures, technological tools, and/or organizational controls.

This page offers information, tools and guidance for businesses on how to fulfil their responsibilities to ensure personal information is safeguarded and secure.


Interpretation of court decisions and findings related to 'Safeguards' and PIPEDA. Interpretations give guidance and are not legally binding.

Ten tips for addressing employee snooping

Get advice on how to prevent and address employee snooping.

Tips for mitigating password reuse risk

Risks, tips for employees, guide for customers

Personal Information Retention and Disposal: Principles and Best Practices

Find guidance for organizations developing and implementing retention and disposal practices for personal information.

Cloud Computing for Small and Medium-sized Enterprises

Find information for SMEs about privacy responsibilities and considerations in relation to cloud computing.

Outsourcing for businesses

Informed consent, data protections

Report a problem or mistake on this page
Please select all that apply (required): Error 1: This field is required.


Date modified: