Principal 7

7. Personal data must be kept secure in order to prevent loss or unauthorised disclosure.

The level of security should reflect the potential harm that could result from misuse or loss of the data. Remember, this will include security of both computer and manual records, such as secure servers, back-up, and arrangements for confidential shredding.

Make sure that you have someone in your business designated for ensuring information security and that you have the right technology, policies and procedures in place so that you can respond to security breaches quickly and effectively.

Put security measures in place so that loss or unauthorised disclosure is prevented. For example, only allowing certain people access to data and using computer security programs.

What to do if there is a security breach is covered in the next section of this course.