How can I physically secure personal information?

Physical security is an important part of protecting personal information, whether it’s in a paper file or a on device such as a laptop, smartphone, tablet, USB stick or portable hard drive.

Lock sensitive files and devices in secure cabinets at the end of each day, and make sure the last person to leave locks the workspace. If staff need to take files or devices out of the office, make sure they don’t leave them unattended in public places or visible in homes or parked cars.  Read more about handling health files when you're out of the office in our guidance Health on the Road.

You can also put measures in place to minimise the damage if a device goes missing. If you can access personal information through a device, it should have a strong password or encryption. Delete personal information from a device if you no longer need it – if it’s not on the device, it’s not at risk.

If somebody steals a file or device, report it to Police and let them know whether the stolen item contains sensitive information. We have more information on what you can do if there's been a privacy breach. If you have a serious privacy breach you need to notify the Privacy Commissioner and consider whether to notify affected individuals. Our online tool NotifyUs can help you check whether your privacy breach is serious and needs to be notified to OPC.  

Read our general guidance on how to keep information secure.

Updated October 2025