Principle 7. Security Safeguards

  • Responsible party must secure the integrity and confidentiality of personal information in its possession or under its control
  • Take reasonable technical and organisational measures to prevent loss of, damage, unlawful access or unauthorised destruction
  • This includes risk management and steps to identify threats
  • The regulator and subject must be informed if there has been or a reasonable expectation of a breach of security