How can I physically secure personal information?

Physical security is an important part of protecting personal information, whether it’s in a paper file or a on device such as a laptop, smartphone, tablet, USB stick or portable hard drive.

Lock sensitive files and devices in secure cabinets at the end of each day, and make sure the last person to leave locks the workspace. If staff need to take files or devices out of the office, make sure they don’t leave them unattended in public places or visible in homes or parked cars.  See our blog - Working outside the office.

You can also put measures in place to minimise the damage if a device goes missing. If you can access personal information through a device, it should have a strong password or encryption. Delete personal information from a device if you no longer need it – if it’s not on the device, it’s not at risk.

If somebody steals a file or device, report it to Police and let them know whether the stolen item contains sensitive information. We have more information on what you can do if there's been a privacy breach. If you have a serious privacy breach you need to notify the Privacy Commissioner and consider whether to notify affected individuals. Our online tool NotifyUs can help you check whether your privacy breach is serious and needs to be notified to OPC.  

Updated December 2020