Obligation to protect personal information

Businesses must ensure that personal information of their clients and customers are protected at all times in a manner that guarantees the confidentiality, integrity, availability and resilience of the information. The duty to protect personal information extends to taking measures that ensure that personal information is processed in a manner that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing, access, loss, destruction, damage, or any form of data breach. The following are some of the ways that organisation can protect personal information in their custody.

  • Use of encryption to save information in digital format. 
  • Have in place a cybersecurity system that filters for malicious threats where the business is connected to the internet. 
  • Keeping records in dedicated storage rooms with access control and locks
  • Ensuring that only authorized persons have access to personal information
  • Training staff on the importance of protecting confidentiality of personal information processed by the organisation.
Scroll to Top