Best Practices for Transporting PI and PHI Outside of the Office

Office of the Saskatchewan Information and Privacy Commissioner. Best Practices for Transporting PI and PHI Outside of the Office. April 2020.

Physical Safeguards

Physical safeguards are physical measures used to protect PI and PHI and related buildings and equipment from natural and environmental hazards and unauthorized intrusion. Physical safeguards include locked filing cabinets, offices and storage rooms, alarm systems and clean desk policies.

The following are some physical safeguards to consider when transporting PI and PHI outside of the office:

• Take the least number of files or documents from the office as necessary to carry out your job duties. Sign out files that you are taking and the purpose, so that supervisors can keep track of it. For example, if you are meeting with three clients outside the office, only take the information from the client files that are needed for you to meet with the client.
• Have secure storage that is approved by your organization for your files that are outside of the office and are being transported from place to place.
• Do not leave files in vehicles unattended.
• Secure workspaces and devices at the end of the day or when not in use. Make sure there is a place where you can have your work and devices locked up.
• Immediately report devices or other work materials that are either lost or stolen to your Privacy Officer and the police if necessary.
• Do not leave laptops, computers, documents or anything containing sensitive information unattended.
• Make sure no one can see your work or hear you discussing your work while you are out in public or around other people.

Technical Safeguards

Technical safeguards are using technology to protect PI and PHI including controlling access to it. Examples include user identifications, passwords, firewalls, and authentication controls, virus scanners and audit capabilities in digital systems.

The following are some technical safeguards to consider when transporting PI and PHI outside of the office:

• Use only authorized devices for business use and not personal devices.
• Do not share devices or passwords with other people like family or friends.
• Make sure you have strong passwords for your laptop and mobile devices. If you are unsure about how strong your password is, use this tool to measure the strength of your password: https://www.my1login.com/resources/password-strength-test/.
