Physical safeguards

Physical safeguards are ways to protect your institution’s physical assets, and include:

• ensuring employees only have access to the floors or rooms where they have security clearance
• registering visitors at the front desk
• locking your screen when you leave your desk
• appropriately storing physical documents or records, according to their classification

Technical safeguards

Technical safeguards are ways to protect electronic data, and include:

• limiting access to systems or software that host personal information as well as establishing role-based access within a system or software
• keeping a log of all the instances where personal information has been accessed, modified, or deleted
• regularly reviewing who has access to personal information and whether that access is still needed
• a means for your initiative to use de-identified or anonymized information to decrease risks involved in sharing personal information

Your institution’s IT Security team can help you to establish various technical safeguards to protect your personal information.

Administrative safeguards

Administrative safeguards are policies, procedures and practices that protect privacy. Examples include:

• Information Sharing Arrangements (ISA)
• a privacy protocol
• privacy awareness training

Providing regular and up-to-date training is important so that all employees, third parties and contractors understand their roles and responsibilities in protecting personal information and preventing privacy breaches.