To answer this question, please select the protection measures that you apply to the personal information that you collect. Please select only the measures that you actually apply; your Privacy Policy will not include the measures that you do not select. Please indicate whether you apply each of the following protection measures to the personal information that you collect:
Limiting the amount of personal information that we collect to strictly necessary only - please select this option if you collect only the personal information that you need and do not collect any personal information that you do not need;
Using SSL encryption or other secure technologies when receiving or sending personal information beyond internal networks - please select this option if your website and any other websites where you store personal information have an SSL certificate (this can usually be seen via a padlock icon next to the URL of the website in your browser);
Destroying and/or deleting personal information once we no longer need it - please select this option if you destroy and/or delete personal information once you no longer need it (e.g. an individual submitted their email address to you for email marketing and, once that individual unsubscribes, you delete their personal information from your list);
Performing regular risk assessments - please select this option if you perform a process to identify the potential hazards and risks that your business faces and how those hazards or risks can impact your business (e.g. the risk of your website not being available or being hacked);
Mitigating risks by following a risk treatment plan - please select this option if, after evaluating the hazards and risks that your business faces, you create and follow a risk treatment plan that mitigates or eliminates the risks or hazards that your business faces;
Having comprehensive written security policies and procedures - please select this option if you have comprehensive written policies and procedures regarding security (e.g. an Information Security Policy, a Password Policy, a Teleworking Policy or an Acceptable Use Policy);
Screening (e.g. performing background checks) all employees with access to personal information - please select this option if you perform background checks on all employees that have access to the personal information of your customers, potential customers, or other employees;
Training our employees on best security practices - please select this option if you provide formal training to your employees on best security practices (e.g. training on how to avoid phishing attacks, how to protect passwords, and how to best ensure the security of their accounts);
Requiring our employees to sign confidentiality agreements - please select this option if you require your employees to sign confidentiality agreements or Nondisclosure Agreements that prevent them from sharing the personal information of your customers, potential customers or other employees with third parties;
Encrypting laptops, USBs and other portable media - please select this option if your company uses laptops, USBs and other portable media and you encrypt such portable media. Encryption is a process that protects the data on a device so that it can only be accessed by people who have authorization, meaning that individuals must have a PIN or an electronic key (a series of numbers and/or letters) to access the device;
Implementing and monitoring intrusion prevention and detection systems (e.g. anti-virus software) - please select this option if you have implemented and monitor systems that prevent and detect intruders such as hackers or scammers that try to gain access to accounts and systems;
Maintaining up-to-date software and safeguards - please select this option if you consistently update the software (e.g. any plugins on your website) and safeguards (e.g. anti-virus software) that are used on your website or application and in your business;
Performing regular due diligence of vendors who have access to personal information - please select this option if you regularly review your vendors for items such as data breaches, lawsuits, claims of security or privacy violations, and fraud;
Implementing physical security measures - please select this option if you have security measures in place such as locked file cabinets, locked doors or an alarm system that help ensure the physical security of the personal information that you collect;
Physically and/or logically separating systems containing personal information from public networks such as the Internet - please select this option if you physically or logically separate systems with personal information from public networks through, for example, routers and firewalls;
Other - please select this option if you undertake security measures that are not listed above. If you select this option, you will be able to list additional security measures in the empty field provided.
Related privacy laws
Personal Information Protection and Electronic Documents Act (PIPEDA)
Australia Privacy Act 1988